CMP Managed Audit Fields

CMP can automatically update certain columns in the database when create or update operations are performed. These can be used to implement a basic auditing strategy (but should not be considered a full-function auditing mechanism). The updated columns may be exposed as cmp-fields to the EJB but do not need to be.

CMP can automatically generate values for:

  • The name of the user who created the record
  • The date/time at which the record was created
  • The name of the user who last updated the record
  • The date/time at which the record was last updated

Which of these fields are used is defined in jbosscmp-jdbc.xml using an <audit> tag for each entity.

User who Created a Record

When CMP creates a record in the database, it can be configured to automatically populate a column with the name of the Principal who called ejbCreate. This requires that a valid identity is associated with the call, which requires that the EJB is associated with a security-domain. The value inserted into the database is the same as the name of the Principal returned by EJBContext.getCallerPrincipal().

  <entity>
    <ejb-name>AuditedEJB</ejb-name>
    <audit>
      <created-by>
        <field-name>createdBy</field-name>
        <column-name>CREATED_BY</column-name>
      </created-by>
    </audit>
  </entity>

The field-name element is optional and defaults to "audit_created_by". If the field-name matches a defined cmp-field's name, then the accessors for that field can be used to read and write the audit value; to disable write access and have the field only updated by CMP, designate it as read-only. If no cmp-field is defined in ejb-jar.xml with the same name then a hidden field is created.

The column-name element is optional and defaults to the field-name.

Time a Record was Created

When CMP creates a record in the database, it can be configured to automatically populate a column with the current date and time (as returned by System.currentTimeMillis()).

  <entity>
    <ejb-name>AuditedEJB</ejb-name>
    <audit>
      <created-time>
        <field-name>createTime</field-name>
        <column-name>CREATE_TIME</column-name>
      </created-time>
    </audit>
  </entity>

The field-name element is optional and defaults to "audit_created_time". If the field-name matches a defined cmp-field's name, then the accessors for that field can be used to read and write the audit value; to disable write access and have the field only updated by CMP, designate it as read-only. If no cmp-field is defined in ejb-jar.xml with the same name then a hidden field is created.

The column-name element is optional and defaults to the field-name.

User who Last Updated a Record

When CMP updates a record in the database, it can be configured to automatically populate a column with the name of the Principal who last invoked an operation on the EJB. This requires that a valid identity is associated with the call, which requires that the EJB is associated with a security-domain. The value inserted into the database is the same as the name of the Principal returned by EJBContext.getCallerPrincipal(). If multiple users invoked business methods (for example, through re-authentication or run-as configuration), the last one will be used.

  <entity>
    <ejb-name>AuditedEJB</ejb-name>
    <audit>
      <updated-by>
        <field-name>updatedBy</field-name>
        <column-name>UPDATED_BY</column-name>
      </updated-by>
    </audit>
  </entity>

The field-name element is optional and defaults to "audit_updated_by". If the field-name matches a defined cmp-field's name, then the accessors for that field can be used to read and write the audit value; to disable write access and have the field only updated by CMP, designate it as read-only. If no cmp-field is defined in ejb-jar.xml with the same name then a hidden field is created.

The column-name element is optional and defaults to the field-name.

Time a Record was Last Updated

When CMP updates a record in the database, it can be configured to automatically populate a column with the current date and time (as returned by System.currentTimeMillis()). This will be at the time the record is stored to the database, not the time at which a business method actually modified the data.

  <entity>
    <ejb-name>AuditedEJB</ejb-name>
    <audit>
      <updated-time>
        <field-name>updateTime</field-name>
        <column-name>UPDATE_TIME</column-name>
      </updated-time>
    </audit>
  </entity>

The field-name element is optional and defaults to "audit_created_time". If the field-name matches a defined cmp-field's name, then the accessors for that field can be used to read and write the audit value; to disable write access and have the field only updated by CMP, designate it as read-only. If no cmp-field is defined in ejb-jar.xml with the same name then a hidden field is created.

The column-name element is optional and defaults to the field-name.
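
Each section above notes that an audit field whose field-name matches a cmp-field stays writable through the bean's accessors unless it is designated read-only. The following added example (not JBoss code) is a deployment-time check that classifies every explicitly named audit field as hidden, read-only or writable. It assumes namespace-free descriptors and that read-only is set per field with `<read-only>true</read-only>` inside the `<cmp-field>` element of jbosscmp-jdbc.xml; the function names and sample descriptors are hypothetical, and audit elements that rely on the default field-name are not checked.

```python
import xml.etree.ElementTree as ET

AUDIT_KINDS = ("created-by", "created-time", "updated-by", "updated-time")

def _entities(xml_text):
    """Map ejb-name -> <entity> element for each entity in a descriptor."""
    return {e.findtext("ejb-name", "").strip(): e
            for e in ET.fromstring(xml_text).iter("entity")}

def _names(entity, read_only=False):
    """cmp-field names; read_only=True keeps only <read-only>true</read-only> (assumed)."""
    return {f.findtext("field-name", "").strip() for f in entity.findall("cmp-field")
            if not read_only or f.findtext("read-only", "").strip().lower() == "true"}

def audit_field_exposure(ejb_jar_xml, jbosscmp_xml):
    """Return {(ejb, audit kind): 'hidden' | 'read-only' | 'writable'}."""
    declared = {n: _names(e) for n, e in _entities(ejb_jar_xml).items()}
    result = {}
    for name, ent in _entities(jbosscmp_xml).items():
        locked = _names(ent, read_only=True)
        for audit in ent.findall("audit"):
            for kind in AUDIT_KINDS:
                field = (audit.findtext(kind + "/field-name") or "").strip()
                if not field:
                    continue  # not configured, or default field name: not checked
                status = ("hidden" if field not in declared.get(name, set())
                          else "read-only" if field in locked else "writable")
                result[(name, kind)] = status  # 'writable': a setter can overwrite it
    return result

# Constructed sample descriptors (not from a real deployment).
EJB_JAR = """<ejb-jar><enterprise-beans><entity>
  <ejb-name>AuditedEJB</ejb-name>
  <cmp-field><field-name>createdBy</field-name></cmp-field>
  <cmp-field><field-name>updatedBy</field-name></cmp-field>
</entity></enterprise-beans></ejb-jar>"""

JBOSSCMP = """<jbosscmp-jdbc><enterprise-beans><entity>
  <ejb-name>AuditedEJB</ejb-name>
  <cmp-field><field-name>createdBy</field-name><read-only>true</read-only></cmp-field>
  <audit>
    <created-by><field-name>createdBy</field-name></created-by>
    <created-time><field-name>createTime</field-name></created-time>
    <updated-by><field-name>updatedBy</field-name></updated-by>
  </audit>
</entity></enterprise-beans></jbosscmp-jdbc>"""

if __name__ == "__main__":
    print(audit_field_exposure(EJB_JAR, JBOSSCMP))
```

Any entry reported as writable is an audit column that application code can change through the cmp-field setter, so it should be marked read-only or left as a hidden field.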