It's not the easiest solution, but you could have your clients do all of their operations by invoking a geode Function on the server. That function could do your audit logging and then delegate to the the actual operation you want to do - put/get/destroy/etc. If you use FunctionService.onRegion().withFilter(your_key) on the client, the function will execute on a member where the key is stored on the server so you wouldn't see much performance impact due to using the function. You could use the AccessControl to block operations that don't come through your function.
-Dan On Tue, Oct 24, 2017 at 7:01 PM, Akihiro Kitada <[email protected]> wrote: > Hello Daniel, > > Here is mailing list space for Apache Geode user. And also, your question > is based on older Security Framework, which has been obsoleted with Apache > Geode. > > The new security framework brought from Apache Geode based on Apache Shiro > is totally different from older GemFire's framework. You don't need to > implement AccessControl interface for specific authorization module any > more. Instead, you just implement SecurityManager interface for both > authentication and authorization implementation in your consolidated > security manager class. > > Actually, you can authorize any requests based on more granular level with > using new security framework like below. > > http://geode.apache.org/docs/guide/12/managing/security/impl > ementing_authorization.html > > If you still want to ask questions on older security framework, you can > ask questions on Pivotal GemFire forum or file a support ticket for Pivotal > Support. > > [Pivotal GemFire forum] > https://discuss.pivotal.io/hc/en-us/community/topics/2000532 > 18-Pivotal-GemFire-Forum > > [Pivotal Support] > https://support.pivotal.io/ > > Thanks. > > > > -- > Akihiro Kitada | Staff Customer Engineer | +81 80 3716 3736 > <+81%2080-3716-3736> > Support.Pivotal.io <http://support.pivotal.io/> | Mon-Fri 9:00am to > 5:30pm JST | 1-877-477-2269 <(877)%20477-2269> > [image: support] <https://support.pivotal.io/> [image: twitter] > <https://twitter.com/pivotal> [image: linkedin] > <https://www.linkedin.com/company/3048967> [image: facebook] > <https://www.facebook.com/pivotalsoftware> [image: google plus] > <https://plus.google.com/+Pivotal> [image: youtube] > <https://www.youtube.com/playlist?list=PLAdzTan_eSPScpj2J50ErtzR9ANSzv3kl> > > > 2017-10-24 19:08 GMT+09:00 Vedamuthu, Daniel Pravin < > [email protected]>: > >> Hi Team, >> >> >> >> We are trying to do some audit logging on the Gemfire server side for >> every client operation, as per our requirement we need to log details like >> timestamp, client name, operation/function, client system IP, payload and >> response time. In order to do this we tried to use the Gemfire >> Authentication and Authorization framework, we have an implementation of >> AccessControl interface and have our log statements in the >> authorizeOperation method for both pre and post calls, but we ran into some >> issues and we need help to proceed further. >> >> >> >> Using this approach we are able to get most of the details, except for >> response time, originally we planned get the response time by getting the >> difference in time between the pre and post-calls to authorizeOperations >> for the same operation, but turns out the post-operation call is not >> invoked for DESTROY, PUT, etc. and based on clarification from the Pivotal >> support we understand that the reason for this is because these operations >> do not return any information back. >> >> >> >> We would like to know if there is any other way to log all the required >> information for audit purposes for each client operation/call. Please let >> me know if you need any additional information. Thanks >> >> >> >> Regards >> >> Daniel >> >> Citi >> >> >> > >
