DefaultAuthorizer audit events - Weblogic

This is a discussion on DefaultAuthorizer audit events - Weblogic ; Hi, I'm developing a custom Auditor. My goal is to track authorization events in a log file (which users, which resources, whether it succeeded or not). I'm using Weblogic's default authorization provider. When authorization succeeds, I receive an AuditAtzEvent with ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: DefaultAuthorizer audit events

  1. DefaultAuthorizer audit events


    Hi,

    I'm developing a custom Auditor. My goal is to track authorization events in a
    log file (which users, which resources, whether it succeeded or not).
    I'm using Weblogic's default authorization provider.

    When authorization succeeds, I receive an AuditAtzEvent with all the information
    I need.

    When authorization fails, I would expect the DefaultAuthorizer to issue the same
    kind of event, somehow indicating the failure (e.g with an ERROR or FAILURE severity
    level). However, it seems like no event is issued.

    Is this the expected behavior for the DefaultAuthorizer or did I miss something
    in my configuration?
    Is there another way to detect failed authorizations?

    Thanks.

  2. Re: DefaultAuthorizer audit events

    From: "Peter"
    Newsgroups: weblogic.developer.interest.security
    References: <3f0d2a1b$1@newsgroups.bea.com>
    Subject: Re: DefaultAuthorizer audit events
    Date: Thu, 7 Aug 2003 07:12:33 -0400
    Lines: 30
    X-Priority: 3
    X-MSMail-Priority: Normal
    X-Newsreader: Microsoft Outlook Express 6.00.2600.0000
    X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
    NNTP-Posting-Host: 216.148.48.18
    X-Original-NNTP-Posting-Host: 216.148.48.18
    Message-ID: <3f323434@newsgroups.bea.com>
    X-Trace: newsgroups.bea.com 1060254772 216.148.48.18 (7 Aug 2003 04:12:52 -0700)
    X-Original-Trace: 7 Aug 2003 04:12:52 -0700, 216.148.48.18
    Organization: BEA NEWS SITE
    XPident: Unknown
    Path: newsgroups.bea.com!not-for-mail
    Xref: newsgroups.bea.com weblogic.developer.interest.security:10446


    "Jean-Pierre Raffarin" wrote in message
    news:3f0d2a1b$1@newsgroups.bea.com...
    >
    > Hi,
    >
    > I'm developing a custom Auditor. My goal is to track authorization events

    in a
    > log file (which users, which resources, whether it succeeded or not).
    > I'm using Weblogic's default authorization provider.
    >
    > When authorization succeeds, I receive an AuditAtzEvent with all the

    information
    > I need.
    >
    > When authorization fails, I would expect the DefaultAuthorizer to issue

    the same
    > kind of event, somehow indicating the failure (e.g with an ERROR or

    FAILURE severity
    > level). However, it seems like no event is issued.


    WLS should issue an audit event for both success and failure. It will also
    issue an audit event
    in the case of an exception from the providers isAccessAllowed method. If
    this is still
    happening, I would suggest opening a case.





+ Reply to Thread