
Using Audit Logging in Third Party Applications

This topic provides information about how to record audit logs from a native application written in Java. Audit logs are records of database changes and other user and system operations, saved in the platform database for the purpose of security auditing and change tracking.

The net.juniper.jmp.websvc.helper.JSAuditlogHelper class is a utility class containing static methods that native Java applications can use to log their own audit records to the platform database. These records will subsequently appear in the Audit Log Management API.

These methods should be called from the REST service directly and not from an EJB method. The addModifiedObjectToAuditLog() and addModifiedObjectsToAuditLog() methods take a parameter of type AbstractManagedObject. These are the objects that are passed to the EJB call to be persisted to the database by the EJB business logic.

If you want to show a more detailed log on the Audit Log detail screen, you can override the getAuditDetail() method of any of your Managed Objects that extend from AbstractManagedObject. For example, see the Country JPA Entity of the HelloWorld reference application:

public class Country extends AbstractManagedObject implements Serializable {
    // . . .
    /*
     * Implement getAuditDetail() to see name and population in the
     * Audit Log Manager's detail screen.
     */

    @Override
    @XmlTransient
    public String getAuditDetail() {
        String logDetail = "Name: " + name + ", " // line 10
                + "Population: " + population;
        return logDetail;
    }
}

Space calls getAuditDetail() for your class whenever its corresponding object is passed to addModifiedObjectToAuditLog or to addModifiedObjectsToAuditLog. If the getAuditDetail() method is overridden in the class, the string returned by the method is saved to the Audit Log table in Space's database, to be displayed later in the Audit Log Manager GUI. In the case of the Country Managed Object in HelloWorld, the getAuditDetail() method returns the string built in line 10, and this is what is displayed on the Space Audit Log Detail screen.


 
Java API, Parameters, and When to Use

Java API: public static void addDescriptionToAuditLog(final String description)
Parameters:
  • description: Description text to be recorded in the audit log record.
When to Use: Use this method to log a text message only.

Java API: public static void addJobIdToAuditLog(final int jobId, final String description)
Parameters:
  • jobId: Job Identifier (unique ID) generated while performing the asynchronous operation.
  • description: Description text to be recorded in the audit log record.
When to Use: Use this method if the API validates the request body successfully and modifies a resource. This is used for asynchronous operations. It accepts the job identifier (jobId) as its first parameter, and the descriptive information about the changes as the second parameter.

Java API: public static void addModifiedObjectToAuditLog(final AbstractManagedObject mo, final String description)
Parameters:
  • mo: Managed Object that is modified by the REST API.
  • description: Any text that needs to be audit logged as description.
When to Use: Use this method if the API validates the request body successfully and modifies a resource. This resource should be of the AbstractManagedObject type. Pass this object to the method as the first parameter, and the descriptive information about the changes as the second parameter.

Java API: public static void addModifiedObjectsToAuditLog(final List objectList, final String description)
Parameters:
  • objectList: List of Managed Objects that are modified by the REST API.
  • description: Description text to be recorded in the audit log record.
When to Use: Use this method if the API validates the request body successfully and modifies more than one resource. These resources should be of the AbstractManagedObject type. Pass the list of these modified objects to the method as the first parameter, and the descriptive information about the changes as the second parameter.

Default Audit Logging

In many cases, default audit logs are generated even if you do not specify audit-log statements in the web services code. These cases are as follows:

For all HTTP methods

Default audit logs are generated for CRUD operations such as GET, POST, PUT, and DELETE. For example, refer to the sample audit logs:

GET

<audit-log key="1015824" href="/api/space/audit-log-management/audit-logs/1015824" 
uri="/api/space/audit-log-management/audit-logs/1015824">
	<userName>super</userName>
	<userIpAddr>10.0.2.2</userIpAddr>
	<description>Login Succeeded</description>
	<logTime>2012-06-08 12:20:37 UTC</logTime>
	<applicationName>REST</applicationName>
	<taskName>Login</taskName>
	<result>Success</result>
</audit-log>

POST

<audit-log key="66979" href="/api/space/audit-log-management/audit-logs/66979" 
uri="/api/space/audit-log-management/audit-logs/66979">
	<userName>super</userName>
	<userIpAddr>10.0.2.2</userIpAddr>
	<description>Description not available</description>
	<logTime>2012-05-28 12:37:06 UTC</logTime>
	<applicationName>REST</applicationName>
	<taskName>POST: /api/jssdk/hello-world/world/countries</taskName>
	<result>200</result>
</audit-log>

PUT

<audit-log key="66979" href="/api/space/audit-log-management/audit-logs/66979" 
uri="/api/space/audit-log-management/audit-logs/66979">
	<userName>super</userName>
	<userIpAddr>10.0.2.2</userIpAddr>
	<description>Description not available</description>
	<logTime>2012-05-28 12:37:06 UTC</logTime>
	<applicationName>REST</applicationName>
	<taskName>PUT: /api/jssdk/hello-world/world/countries/23</taskName>
	<result>204</result>
</audit-log>

DELETE

<audit-log key="819554" href="/api/space/audit-log-management/audit-logs/819554" 
uri="/api/space/audit-log-management/audit-logs/819554">
	<userName>super</userName>
	<userIpAddr>10.0.2.2</userIpAddr>
	<description>Description not available</description>
	<logTime>2012-06-06 14:21:13 UTC</logTime>
	<applicationName>REST</applicationName>
	<taskName>DELETE: /api/space/application-manager/applications/HelloWorld</taskName>
	<result>204</result>
</audit-log>

For all Authentication Events

Default audit logs are generated for authentication events such as login and logout. For example, refer to the sample audit logs:

Login

<audit-log key="1015824" href="/api/space/audit-log-management/audit-logs/1015824" 
uri="/api/space/audit-log-management/audit-logs/1015824">
	<userName>super</userName>
	<userIpAddr>10.0.2.2</userIpAddr>
	<description>Login Succeeded</description>
	<logTime>2012-06-08 12:20:37 UTC</logTime>
	<applicationName>REST</applicationName>
	<taskName>Login</taskName>
	<result>Success</result>
</audit-log>

Logout

<audit-log key="1015826" href="/api/space/audit-log-management/audit-logs/1015826" 
uri="/api/space/audit-log-management/audit-logs/1015826">
	<userName>super</userName>
	<userIpAddr>10.0.2.2</userIpAddr>
	<description>Logout Succeeded</description>
	<logTime>2012-06-08 12:31:25 UTC</logTime>
	<applicationName>Network Application Platform</applicationName>
	<taskName>Logout</taskName>
	<result>Success</result>
</audit-log>
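
The following Python check is an added example, not part of the Junos Space SDK or its documentation. It reads audit-log records in the XML layout shown above and lists POST, PUT and DELETE calls recorded with only the default "Description not available" text, on the assumption that such records mark changes the service did not describe through JSAuditlogHelper. The <audit-logs> wrapper element and all sample keys, paths, times and descriptions are constructed.

```python
import xml.etree.ElementTree as ET

DEFAULT_DESCRIPTION = "Description not available"  # text in the page's default records
MUTATING = ("POST", "PUT", "DELETE")

# Constructed sample: the <audit-logs> wrapper and every key, path, time and
# custom description are made up; element names follow the page's samples.
SAMPLE_XML = """<audit-logs>
<audit-log key="1"><userName>super</userName><userIpAddr>10.0.2.2</userIpAddr>
 <description>Login Succeeded</description><logTime>2012-06-08 12:20:37 UTC</logTime>
 <applicationName>REST</applicationName><taskName>Login</taskName><result>Success</result></audit-log>
<audit-log key="2"><userName>super</userName><userIpAddr>10.0.2.2</userIpAddr>
 <description>Description not available</description><logTime>2012-06-08 12:21:02 UTC</logTime>
 <applicationName>REST</applicationName>
 <taskName>PUT: /api/jssdk/hello-world/world/countries/23</taskName><result>204</result></audit-log>
<audit-log key="3"><userName>super</userName><userIpAddr>10.0.2.2</userIpAddr>
 <description>Added country Exampleland</description><logTime>2012-06-08 12:22:40 UTC</logTime>
 <applicationName>REST</applicationName>
 <taskName>POST: /api/jssdk/hello-world/world/countries</taskName><result>200</result></audit-log>
<audit-log key="4"><userName>super</userName><userIpAddr>10.0.2.2</userIpAddr>
 <description>Description not available</description><logTime>2012-06-08 12:25:13 UTC</logTime>
 <applicationName>REST</applicationName>
 <taskName>DELETE: /api/jssdk/hello-world/world/countries/23</taskName><result>204</result></audit-log>
</audit-logs>"""

def parse_records(xml_text):
    """Return one dict per <audit-log> element: its key plus child tag -> text."""
    records = []
    for node in ET.fromstring(xml_text).iter("audit-log"):
        rec = {child.tag: (child.text or "").strip() for child in node}
        rec["key"] = node.get("key")
        records.append(rec)
    return records

def undescribed_changes(records):
    """List (key, user, method, path) for mutating REST calls that carry only
    the default description, i.e. no application-supplied audit text."""
    flagged = []
    for rec in records:
        method, sep, path = rec.get("taskName", "").partition(": ")
        if sep and method in MUTATING and rec.get("description") == DEFAULT_DESCRIPTION:
            flagged.append((rec["key"], rec.get("userName"), method, path))
    return flagged

if __name__ == "__main__":
    for hit in undescribed_changes(parse_records(SAMPLE_XML)):
        print("no description recorded:", *hit)
```

Authentication records such as Login and Logout are skipped because their taskName has no "METHOD: path" form.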