AuditingInterceptor etc

Hi there

Are there any examples how to use AuditingInterceptor, AuditLogger etc in an application? It’s not clear how to configure auditing in an application.

Thanks

Dave

Hi Dave,

have you tried the documentation? http://www.axonframework.org/docs/1.1/command-handling.html#auditing-interceptor. It’s not very extensive, I admit.

On the AuditingInterceptor, there are two setters, one for an AuditDataProvider and one for an AuditLogger. You can use either one, or just one of the two.
The AuditDataProvider allows you to attach meta data to all events generated as a result of the command (passed as parameter to the AuditDataProvider). The AuditLogger allows you to write logging information to an external location.

You will need to create a class that implements the AuditDataProvider or AuditLogger interfaces, depending on what you want to do. From there, it’s simply a question of:

AuditingInterceptor auditingInterceptor = new AuditingInterceptor();
auditingInterceptor.setAuditDataProvider(new MyOwnAuditDataProviderInstance());

Hope that helps.
Cheers,

Allard

Allard thanks for this. I understand now that I would need to
configure the SimpleCommandBus with an auditing interceptor.

Hi ,

i'm sorry to revamp the question, but, there is any sample that show
the recommend way to integrate audit on events and/or command?

By the way for what i've read here and in the documentation, it seem
to me that audit is conceived as an aspect more related to event than
to command.

My purpose in audit approach is being able to log user intention to
alter the domain state, whether or not this action finalize in a state
change and in a corresponding event.

For this reason - and for the consideration that in asynchronous event
and command handling seems more difficult to gather user metadata -
I'm thinking to audit commands before they are dispatched to the
command bus.

Thanks

Domenico

Hi Domenico,

the projects I currently work on myself don’t need auditing any other than the Event Store itself. So I don’t have any samples at hand right now. But if you really want to create me one, I can do that.

Keeping an audit log is nothing more than leaving a long paper trail of everything you do (or attempt), in order to be able to prove something. The information located in the Event Store is in many cases suitable as audit trail. But events do not always capture all the information. The IP address from a user, for example, might be important in some usecases. Other may need to log the time of the incoming command in order to find out if an SLA is met. Where that type of information is taken from is really up to you. In some cases you might have an HttpServletRequest, in other cases you need to explicitly attach that information to a command.
The advantage of attaching the information to events is that, even with asynchronous event handlers, your components have access to the relevant information about the context in which an event was generated.

So to answer your question about the recommended way to do auditing: make sure you leave a trail of everything that is relevant. Ant he most important question to ask here is: who will do the auditing? The Tax Authorities will have different information needs than a customer that wants proof of whether you’ve met the processing speed SLA.

You state you want to log user intent, regardless of the outcome. That’s exactly what the AuditLogger allows you to do. For each command processed, the AuditingInterceptor will call the AuditLogger with the command, the processing result (albeit a return value, void or an exception) and the events that were generated in the process. The latter can be an empty list, if nothing happened.

I hope this clarifies it a bit.

Cheers,

Allard

Hi Allard,

thank you for the quick and kind response. I was about to write to
clarify my previous post, this time supported by some experience on
code.
After looking at the javadoc and the source code of
AuditingInterceptor, where i found that it implements
CommandHandlerInterceptor, the whole picture became more clear to me.
So i found that my assumption was flaky.
For the sake of the beginners like me I report here after the
configuration that let me to configure the auditing aspect: