2

In my Web-API, I have various methods declared at the interface level, and the implementation of each method is written at the service level. On each declared method I have added audit annotations, something like this:

 CreateStackResponse createStack(@AuditId("id") String id, @AuditModule("module") String module, CreateStackRequest createStackRequest)

My Audit table columns are: id, context-id, message, details, user-id, module, submodule,...

How can I build a message (e.g. "create stack request is initiated by abc user") to store? One solution is that at the service level I call one method (say logEvent(required parameters)) which stores the audit in the database. Can we do this with simple annotations, at the interface level itself? For example, how can I save audit logs as shown in AWS Elastic Beanstalk's event tab?

The message shown in the details column is dynamic.

user10144071
  • 135
  • 11

1 Answer

1

Annotations do not provide any behavior to your code all by themselves. All that annotations are is what their name implies...extra information attached to your code. The power of annotations comes in when you have code that uses introspection at runtime to look at your compiled code's definitions and do things based on these annotations.

The Spring framework does this extensively. It looks at the annotations on your code and uses them to decide how to wire up your application. It will often create wrapper classes around your own classes so that it can inject its own logic on top of your code.

You could certainly do something like this on your own, but it isn't trivial. I would suggest looking at AspectJ, or some other aspect oriented programming (AOP) framework. I would suggest studying the idea of aspect oriented programming in general, as what you are wanting to do is one of the most common problems that it looks to solve. Using the Spring framework would also be a great leg-up on attacking problems like this. It includes a module for doing AOP, "Spring AOP".

No matter how you go about this with annotations, you're talking about a lot of learning and potentially restructuring your code to use third-party packages. You may very well want to give up the idea of using annotations and just put simple logging code in your primary logic.

I just Googled for "using aspect oriented programming for auditing" and got a lot of interesting hits. Here's one such hit. I don't know if it's the best resource for your purpose, but it will give you an idea of what I'm talking about here:

http://idanfridman.com/2014/05/13/clean-auditing-infrastructure-for-your-app-using-aop-custom-annotations-and-reflection/

CryptoFool
  • 21,719
  • 5
  • 26
  • 44
  • Okay, so I will have to dig more on the AOP side. There are times when some other methods do lots of stuff. In my case, e.g., I called a method which launches a Linux EC2 instance, then it creates a user inside that EC2 instance by creating an SSH connection. So creating this user should also get audit logged. That means: creating machine, request to create machine sent, machine created successfully, creating abc user in instance, successfully created abc user, in this sequence. – user10144071 Apr 02 '19 at 17:25
  • Yes, I get it. AOP is amazing for this. It's almost magic once you get over the hump of setting it up. The main thing is that it is almost perfectly transparent, so you get very powerful auditing without having to muck up your code with logging calls. It also, if done right, can catch cases where logging isn't being applied, and so a desired audit point has gotten missed. - I like your idea, btw, of directing the auditing with annotations. There's no reason at all that your AOP code couldn't look for those annotations and classify and direct a log entry per that information. – CryptoFool Apr 02 '19 at 17:57
  • We cannot have dynamic values in an AOP annotation. So I ended up adding it in the methods where I want audits: I am adding my logEvent method, which takes the required parameters and stores it in the DB. And it adds as a Blocking Queue – user10144071 Apr 12 '19 at 16:13
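
The approach discussed in the answer and its comments (code that reads the annotations at run time and wraps the service), shown as an added example that is not code from the original posts: a JDK dynamic proxy reads the question's `@AuditId`/`@AuditModule` parameter annotations and fills a message template from the arguments of each call. `@Audited`, its `{placeholder}` syntax, `AUDIT_LOG`, the `clean` helper and the simplified `createStack` signature are assumptions made for illustration.

```java
import java.lang.annotation.*;
import java.lang.reflect.*;
import java.util.*;

public class AuditProxyDemo {
    @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.PARAMETER) @interface AuditId { String value(); }
    @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.PARAMETER) @interface AuditModule { String value(); }
    // Hypothetical annotation: a message template whose {placeholders} are filled at call time.
    @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.METHOD) @interface Audited { String value(); }
    interface StackApi {
        @Audited("create stack {id} in module {module}, requested by user {user}")
        String createStack(@AuditId("id") String id, @AuditModule("module") String module, String request);
    }
    static final List<String> AUDIT_LOG = new ArrayList<>(); // stands in for the audit table
    // Replace control characters so an argument cannot forge extra audit lines.
    static String clean(Object v) { return String.valueOf(v).replaceAll("\\p{Cntrl}", "_"); }

    @SuppressWarnings("unchecked")
    static <T> T audited(Class<T> api, T target, String user) {
        InvocationHandler handler = (proxy, method, args) -> {
            Audited tmpl = method.getAnnotation(Audited.class);
            if (tmpl == null) return method.invoke(target, args);
            String msg = tmpl.value().replace("{user}", clean(user));
            Annotation[][] byParam = method.getParameterAnnotations();
            for (int i = 0; i < byParam.length; i++) {
                for (Annotation a : byParam[i]) { // unannotated arguments never reach the log
                    String key = a instanceof AuditId ? ((AuditId) a).value()
                               : a instanceof AuditModule ? ((AuditModule) a).value() : null;
                    if (key != null) msg = msg.replace("{" + key + "}", clean(args[i]));
                }
            }
            AUDIT_LOG.add("INITIATED " + msg);
            try {
                Object result = method.invoke(target, args);
                AUDIT_LOG.add("SUCCEEDED " + msg);
                return result;
            } catch (InvocationTargetException e) { // record failures too, then rethrow the real cause
                AUDIT_LOG.add("FAILED " + msg + " (" + e.getCause().getClass().getSimpleName() + ")");
                throw e.getCause();
            }
        };
        return (T) Proxy.newProxyInstance(api.getClassLoader(), new Class<?>[] {api}, handler);
    }
    public static void main(String[] unused) {
        StackApi service = (id, module, request) -> "created " + id; // constructed stand-in service
        StackApi api = audited(StackApi.class, service, "abc");
        api.createStack("stack-42\nFAILED forged", "compute", "{\"secret\":\"not logged\"}"); // constructed input
        AUDIT_LOG.forEach(System.out::println);
    }
}
```

In a real service the user would come from the authenticated request context rather than a caller-supplied argument, and `AUDIT_LOG` would be the write to the audit table.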