Audit Addon Installation

Using this feature requires an additional license. Please contact your account manager or sales person for more information.

Dependencies & Versions

Bloomreach Experience Manager v16.x

Optional Connector Dependency Version
Elasticsearch 6.8.21
ActiveMQ 6.1.2

Bloomreach Experience Manager v15.x

Optional Connector Dependency Version
Elasticsearch 6.8.21
ActiveMQ 5.18.4

Installation

In the properties section of the root pom.xml add the version. Audit Addon Versions for different Bloomreach Experience Manager versions can be found in the Release Notes.

<audit.addon.version>2.1.0</audit.addon.version>

In the <dependencyManagement> section of the root pom.xml, add the below dependencies.

<dependency>
  <groupId>com.bloomreach.addons.audit</groupId>
  <artifactId>audit-addon-application</artifactId>
  <version>${audit.addon.version}</version>
</dependency>
<dependency>
  <groupId>com.bloomreach.addons.audit</groupId>
  <artifactId>audit-addon-frontend</artifactId>
  <version>${audit.addon.version}</version>
</dependency>
<dependency>  
  <groupId>com.bloomreach.addons.audit</groupId>  
  <artifactId>audit-addon-proxy</artifactId>  
  <version>${audit.addon.version}</version>
</dependency>
<!--Add only for enterprise projects that use the projects feature-->
<dependency>
  <groupId>com.bloomreach.addons.audit</groupId>
  <artifactId>audit-addon-enterprise-listeners</artifactId>
  <version>${audit.addon.version}</version>
</dependency>

In the <plugins> section of the cms pom.xml, add the below plugin.

<!--This plugin is required to copy the resources (auditsearch) from the dependency jar audit-addon-frontend as static resources below the CMS webapp directory-->
<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-dependency-plugin</artifactId>
  <executions>
    <execution>
      <id>unpack</id>
      <phase>compile</phase>
      <goals>
        <goal>unpack</goal>
      </goals>
      <configuration>
        <artifactItems>
          <artifactItem>
            <groupId>com.bloomreach.addons.audit</groupId>
            <artifactId>audit-addon-frontend</artifactId>
            <outputDirectory>src/main/webapp</outputDirectory>
            <includes>auditsearch/**</includes>
          </artifactItem>
        </artifactItems>
      </configuration>
    </execution>
  </executions>
</plugin>

In the <dependencies> section of the cms-dependencies pom.xml, add the below dependencies

<dependency>
  <groupId>com.bloomreach.addons.audit</groupId>
  <artifactId>audit-addon-application</artifactId>
</dependency>
<dependency>
  <groupId>com.bloomreach.addons.audit</groupId>
  <artifactId>audit-addon-frontend</artifactId>
</dependency>
<dependency>   
  <groupId>com.bloomreach.addons.audit</groupId>   
  <artifactId>audit-addon-proxy</artifactId> 
</dependency>
<!--Add only for enterprise projects that use the projects feature-->
<dependency>
  <groupId>com.bloomreach.addons.audit</groupId>
  <artifactId>audit-addon-enterprise-listeners</artifactId>
</dependency>
  • The module audit-addon-application contains all the necessary backend logic to listen, handle and broadcast the events to the configured persistance manager and/or connectors.
  • The module audit-addon-frontend contains the custom perspective (that relies on the forge iframe plugin) and the frontend UI resources.
  • The module audit-addon-proxy contains a proxy implementation that sends the requests from the frontend UI to the configured event data store through the backend. This approach can be followed in scenarios where the frontend can not directly access the event storage for reasons like mixed content, CORS, storage service exposed on internal network, etc.
  • The module audit-addon-enterprise-listeners contains dedicated event listeners and handlers for enterprise features like Projects.

Configuration

All the services required and involved for the functionality of the addon are registered and managed by com.bloomreach.addon.audit.module.AuditServicesDaemonModule. The relevant configuration can be found below the node at the path

/hippo:configuration/hippo:modules/audit-services-daemon

If you intend to use an intermediate persistence manager, this service can be configured by setting the property className at

/hippo:configuration/hippo:modules/audit-services-daemon/hippo:moduleconfig/eventstore

The addon comes with com.bloomreach.addon.audit.eventstore.JcrAuditEventPersistenceManager one sample implementation of the interface com.bloomreach.addon.audit.eventstore.AuditEventPersistenceManager that stores the events in JCR. You can provide and configure your own implementation of this interface to store events before they are sent to different connectors.

The addon also comes with two connector sample implementations. One for Elasticsearch (com.bloomreach.addon.audit.clients.ElasticSearchClient) and one for ActiveMQ (com.bloomreach.addon.audit.clients.ActiveMQClient) both classes are implementing the interface com.bloomreach.addon.audit.clients.EventPersistenceStrategy. By implementing this interface in your project, you can configure your own connectors to send the captured events to as per requirements. You can have multiple connectors configured in your project. To register a connector, you have to create a node below 

/hippo:configuration/hippo:modules/audit-services-daemon/hippo:moduleconfig

and follow the node naming convention connector-* so for example : connector-redis, connector-mongo, etc.

The two sample connectors mentioned above are configured at the corresponding paths

/hippo:configuration/hippo:modules/audit-services-daemon/hippo:moduleconfig/connector-elasticsearch:
  jcr:primaryType: hipposys:moduleconfig
  className: com.bloomreach.addon.audit.clients.ElasticSearchClient
  url: http://localhost:9200
String property Default value  Description
url http://localhost:9200 The URL of the Elasticsearch instance 
apiKey <none> To be passed as Authorization header with value: ApiKey {apiKey}
username <none> To be used by UsernamePasswordCredentials
password <none> To be used by UsernamePasswordCredentials

and

/hippo:configuration/hippo:modules/audit-services-daemon/hippo:moduleconfig/connector-activemq:
  jcr:primaryType: hipposys:moduleconfig
  brokerUrl: tcp://localhost:61616
  className: com.bloomreach.addon.audit.clients.ActiveMQClient
  queueName: auditqueue
String property Default value  Description
brokerUrl tcp://localhost:61616 The URL of the ActiveMQ instance 
queueName auditqueue The queueu name
username <none> To be used by the ActiveMQSslConnectionFactory
password <none> To be used by the ActiveMQSslConnectionFactory
trustStorePath <none> To be used by the ActiveMQSslConnectionFactory
trustStorePassword <none> To be used by the ActiveMQSslConnectionFactory
keyStorePath <none> To be used by the ActiveMQSslConnectionFactory
keyStorePassword <none> To be used by the ActiveMQSslConnectionFactory

Optionally, you can disable specific event handling based on event action by configuring the mutli-valued property disabled-events on the node

/hippo:configuration/hippo:modules/audit-services-daemon/hippo:moduleconfig

The production build static resources of the frontend UI from the audit-addon-frontend are served from the context of the CMS application. All the calls for fetching events are relative to the CMS context and follow the patter /cms/auditsearch/proxy/**\

The proxy implementation from the audit-addon-proxy module listens for calls to /cms/auditsearch/proxy/** and will proxy the remaining matching URL to the configured proxy URL. To configure the proxy URL where your event storage instance is hosted, you must set the system variable 

auditaddon.proxy.url

If you want to use the custom perspective but don't want to use the provided frontend UI, you can embed your own application URL by configuring the property iframe.src on the node 

/hippo:configuration/hippo:frontend/cms/cms-static/auditsearch-iframe-perspective

There are two scheduled tasks offered as part of the addon implementation

  • com.bloomreach.addon.audit.eventstore.AuditAddonScheduledTask - when the JCR persistance manager is used, events that fail to be broadcasted are reattempted to be sent to the configured connectors via this nightly task

  • com.bloomreach.addon.audit.eventstore.AuditAddonESCleaner - when Elasticsearch is used as storage this task can be configured to clean up events older than the maxAgeDays

User Permissions

In order for users to be able to see the Audit Addon's Custom Perspective, they must be given the "xm.auditaddon.viewer" user role. Ensure that the appropriate users are given this role.

Did you find this page helpful?
How could this documentation serve you better?
On this page
    Did you find this page helpful?
    How could this documentation serve you better?