Recording Access Audit Events in JMS

Important

This procedure is an example of how to record access audit events with a JMS audit event handler configured to use the ActiveMQ message broker. This example is not tested on all configurations, and can be more or less relevant to your configuration.

For information about configuring the JMS event handler, see "JmsAuditEventHandler".

Record Audit Events With a JMS Audit Event Handler

Before you start, prepare IG as described in the Getting Started Guide.

  1. Add ActiveMQ client dependencies to IG:

    1. Download the following .jar files from :

      • geronimo-j2ee-management_1.1_spec-1.0.1.jar

      • hawtbuf-1.11.jar

      • activemq-client-5.13.3.jar

    2. Add the .jar files to the configuration:

      • For IG in standalone mode, create the directory $HOME/.openig/extra, where $HOME/.openig is the instance directory, and add the .jar files to the directory.

      • For IG in web container mode, add the .jar files to the web container classpath. For example, in Jetty use /path/to/jetty/webapps/ROOT/WEB-INF/lib.

  2. Download and install the ActiveMQ message broker from http://activemq.apache.org/. For help, see the ActiveMQ documentation on the same site.

  3. Create a consumer that subscribes to the audit topic.

    From the ActiveMQ installation directory, run the following command:

    $ ./bin/activemq consumer --destination topic://audit

  4. Add the following route to IG:

    Linux: $HOME/.openig/config/routes/30-jms.json
    Windows: %appdata%\OpenIG\config\routes\30-jms.json

    {
      "name": "30-jms",
      "MyCapture" : "all",
      "baseURI": "http://app.example.com:8081",
      "condition" : "${request.uri.path == '/activemq_event_handler'}",
      "heap": [
        {
          "name": "AuditService",
          "type": "AuditService",
          "config": {
            "eventHandlers" : [
              {
                "class" : "org.forgerock.audit.handlers.jms.JmsAuditEventHandler",
                "config" : {
                  "name" : "jms",
                  "topics": [ "access" ],
                  "deliveryMode" : "NON_PERSISTENT",
                  "sessionMode" : "AUTO",
                  "jndi" : {
                    "contextProperties" : {
                      "java.naming.factory.initial" : "org.apache.activemq.jndi.ActiveMQInitialContextFactory",
                      "java.naming.provider.url" : "tcp://openam.example.com:61616",
                      "topic.audit" : "audit"
                    },
                    "topicName" : "audit",
                    "connectionFactoryName" : "ConnectionFactory"
                  }
                }
              }
            ],
            "config" : { }
          }
        }
      ],
      "auditService": "AuditService",
      "handler" : {
        "type" : "StaticResponseHandler",
        "config" : {
          "status" : 200,
          "headers" : {
            "Content-Type" : [ "text/plain" ]
          },
          "reason" : "found",
          "entity" : "Message from audited route"
        }
      }
    }
    

    When a request matches the /activemq_event_handler route, this configuration publishes JMS messages containing audit event data to an ActiveMQ-managed JMS topic, and the StaticResponseHandler displays a message.

  5. Access the route on http://openig.example.com:8080/activemq_event_handler.

    Depending on how ActiveMQ is configured, audit events are displayed on the ActiveMQ console or written to file.
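
The following check is an added example, not part of the IG documentation or product. It lints a route such as 30-jms.json for settings that affect whether audit events reach the broker intact. The function name check_jms_audit_route and the finding strings are hypothetical, and the sample route is a constructed excerpt of the route above.

```python
import json
from urllib.parse import urlparse

JMS_CLASS = "org.forgerock.audit.handlers.jms.JmsAuditEventHandler"

def check_jms_audit_route(route):
    """Return a list of findings for each JmsAuditEventHandler in an IG route (dict)."""
    findings = []
    heap_names = {obj.get("name") for obj in route.get("heap", [])}
    # The route-level "auditService" must name an object declared in the heap.
    if route.get("auditService") not in heap_names:
        findings.append("auditService does not reference a heap object")
    for obj in route.get("heap", []):
        if obj.get("type") != "AuditService":
            continue
        for handler in obj.get("config", {}).get("eventHandlers", []):
            if handler.get("class") != JMS_CLASS:
                continue
            cfg = handler.get("config", {})
            jndi = cfg.get("jndi", {})
            props = jndi.get("contextProperties", {})
            # ActiveMQ's JNDI context maps a lookup name via a "topic.<name>" property.
            if "topic." + str(jndi.get("topicName")) not in props:
                findings.append("jndi.topicName has no matching topic.<name> context property")
            # JMS semantics: NON_PERSISTENT messages may be lost if the broker fails.
            if cfg.get("deliveryMode") != "PERSISTENT":
                findings.append("deliveryMode is not PERSISTENT")
            # ssl:// is ActiveMQ's TLS transport; tcp:// carries audit data in cleartext.
            scheme = urlparse(props.get("java.naming.provider.url", "")).scheme
            if scheme != "ssl":
                findings.append("provider URL scheme '%s' is not ssl" % scheme)
    return findings

# Constructed sample: the JMS-relevant parts of the route shown above.
SAMPLE_ROUTE = json.loads("""
{ "name": "30-jms", "auditService": "AuditService",
  "heap": [ { "name": "AuditService", "type": "AuditService", "config": {
    "eventHandlers": [ { "class": "org.forgerock.audit.handlers.jms.JmsAuditEventHandler",
      "config": { "name": "jms", "topics": [ "access" ],
        "deliveryMode": "NON_PERSISTENT", "sessionMode": "AUTO",
        "jndi": { "contextProperties": {
            "java.naming.provider.url": "tcp://openam.example.com:61616",
            "topic.audit": "audit" },
          "topicName": "audit", "connectionFactoryName": "ConnectionFactory" } } } ] } } ] }
""")

if __name__ == "__main__":
    for finding in check_jms_audit_route(SAMPLE_ROUTE):
        print("WARN:", finding)
```

The scheme check is deliberately strict: only a plain ssl:// provider URL passes, so composite URLs such as failover transports are flagged for manual review.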
