https://issues.apache.org/jira/browse/AMQ-3100 - audit logging for JMX

git-svn-id: https://svn.apache.org/repos/asf/activemq/trunk@1051497 13f79535-47bb-0310-9956-ffa450edef68
2010-12-21 14:02:17 +00:00 · 2010-12-21 14:02:17 +00:00 · 2306d96241
parent e35519f3a1
commit 2306d96241
3 changed files with 56 additions and 16 deletions
--- a/activemq-core/src/main/java/org/apache/activemq/broker/jmx/AnnotatedMBean.java
+++ b/activemq-core/src/main/java/org/apache/activemq/broker/jmx/AnnotatedMBean.java
@ -16,20 +16,19 @@
 */
 package org.apache.activemq.broker.jmx;

+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
 import java.lang.annotation.Annotation;
 import java.lang.reflect.Method;
+import java.security.AccessController;
+import java.security.Principal;
+import java.util.Arrays;
 import java.util.HashMap;
 import java.util.Map;

-import javax.management.InstanceAlreadyExistsException;
-import javax.management.MBeanAttributeInfo;
-import javax.management.MBeanOperationInfo;
-import javax.management.MBeanParameterInfo;
-import javax.management.MBeanRegistrationException;
-import javax.management.MBeanServer;
-import javax.management.NotCompliantMBeanException;
-import javax.management.ObjectName;
-import javax.management.StandardMBean;
+import javax.management.*;
+import javax.security.auth.Subject;

 /**
 * MBean that looks for method/parameter descriptions in the Info annotation.
@ -37,10 +36,17 @@ import javax.management.StandardMBean;
 public class AnnotatedMBean extends StandardMBean {

  private static final Map<String, Class<?>> primitives = new HashMap<String, Class<?>>();
+
+  private static final Log LOG = LogFactory.getLog("org.apache.activemq.audit");
+
+  private static boolean audit;
+
  static {
    Class<?>[] p = { byte.class, short.class, int.class, long.class, float.class, double.class, char.class, boolean.class, };
-    for (Class<?> c : p)
+    for (Class<?> c : p) {
      primitives.put(c.getName(), c);
+    }
+    audit = "true".equalsIgnoreCase(System.getProperty("org.apache.activemq.audit"));
  }
  
  @SuppressWarnings("unchecked")
@ -154,4 +160,20 @@ public class AnnotatedMBean extends StandardMBean {
      return null;
    }
  }
+
+    @Override
+    public Object invoke(String s, Object[] objects, String[] strings) throws MBeanException, ReflectionException {
+        if (audit) {
+            Subject subject = Subject.getSubject(AccessController.getContext());
+            String caller = "anonymous";
+            if (subject != null) {
+                caller = "";
+                for (Principal principal : subject.getPrincipals()) {
+                    caller += principal + " ";
+                }
+            }
+            LOG.info(caller + " called " + this.getMBeanInfo().getClassName() + "." + s  + Arrays.toString(objects) + "");
+        }
+        return super.invoke(s, objects, strings);
+    }
 }
--- a/assembly/src/release/bin/activemq
+++ b/assembly/src/release/bin/activemq
@ -119,6 +119,13 @@ ACTIVEMQ_USER=""
 # Set jvm memory configuration
 ACTIVEMQ_OPTS_MEMORY="-Xms256M -Xmx256M"

+if [ -z "$ACTIVEMQ_OPTS" ] ; then
+    ACTIVEMQ_OPTS="$ACTIVEMQ_OPTS_MEMORY -Dorg.apache.activemq.UseDedicatedTaskRunner=true -Djava.util.logging.config.file=logging.properties"
+fi
+
+# Uncomment to enable audit logging
+#ACTIVEMQ_OPTS="$ACTIVEMQ_OPTS -Dorg.apache.activemq.audit=true"
+
 # Set jvm jmx configuration
 # This enables jmx access over a configured jmx-tcp-port.
 # You have to configure the first four settings if you run a ibm jvm, caused by the
@ -468,10 +475,8 @@ invoke_start(){
      exit 0
    fi

-    if [ -z "$ACTIVEMQ_OPTS" ] ; then
-        ACTIVEMQ_OPTS="$ACTIVEMQ_OPTS_MEMORY -Dorg.apache.activemq.UseDedicatedTaskRunner=true -Djava.util.logging.config.file=logging.properties"
-    fi
    ACTIVEMQ_OPTS="$ACTIVEMQ_OPTS $ACTIVEMQ_SUNJMX_START $ACTIVEMQ_SSL_OPTS"
+
    echo "INFO: Starting - inspect logfiles specified in logging.properties and log4j.properties to get details"
    invokeJar $ACTIVEMQ_PIDFILE
    exit "$?" 
@ -493,9 +498,7 @@ invoke_console(){
      echo "ERROR: ActiveMQ is already running"
      exit 1
    fi
-    if [ -z "$ACTIVEMQ_OPTS" ] ; then
-        ACTIVEMQ_OPTS="$ACTIVEMQ_OPTS_MEMORY -Dorg.apache.activemq.UseDedicatedTaskRunner=true -Djava.util.logging.config.file=logging.properties"
-    fi
+
    ACTIVEMQ_OPTS="$ACTIVEMQ_OPTS $ACTIVEMQ_SUNJMX_START $ACTIVEMQ_SSL_OPTS"

    COMMANDLINE_ARGS="start $(echo $COMMANDLINE_ARGS|sed 's,^console,,')"
--- a/assembly/src/release/conf/log4j.properties
+++ b/assembly/src/release/conf/log4j.properties
@ -49,3 +49,18 @@ log4j.appender.logfile.maxBackupIndex=5
 log4j.appender.logfile.append=true
 log4j.appender.logfile.layout=org.apache.log4j.PatternLayout
 log4j.appender.logfile.layout.ConversionPattern=%d | %-5p | %m | %c | %t%n
+
+###########
+# Audit log
+###########
+
+log4j.additivity.org.apache.activemq.audit=false
+log4j.logger.org.apache.activemq.audit=INFO, audit
+
+log4j.appender.audit=org.apache.log4j.RollingFileAppender
+log4j.appender.audit.file=${activemq.base}/data/audit.log
+log4j.appender.audit.maxFileSize=1024KB
+log4j.appender.audit.maxBackupIndex=5
+log4j.appender.audit.append=true
+log4j.appender.audit.layout=org.apache.log4j.PatternLayout
+log4j.appender.audit.layout.ConversionPattern=%d | %-5p | %m | %c | %t%n