This week's book giveaway is in the Agile and Other Processes forum.
We're giving away four copies of The Little Book of Impediments (e-book only) and have Tom Perry on-line!
See this thread for details.
Win a copy of The Little Book of Impediments (e-book only) this week in the Agile and Other Processes forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

when to use interceptor

 
David Spades
Ranch Hand
Posts: 348
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I've stumbled upon many blogs that recommends using interceptor for auditing. I think this is really not good since failure in logging transaction may propagate to main transaction and cause the main transaction to rollback. Am I wrong? if I'm correct, then when do we use interceptors? and also, how do we do logging that would record the SQL statements and user credentials (triggers won't be able to record user credentials and any other application specific data).
thanks
 
Jeanne Boyarsky
author & internet detective
Marshal
Posts: 35279
384
Eclipse IDE Java VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
David,
What kind of interceptor? Spring? An AOP library? JEE 6 Interceptor? Does it have to be in the same transaction context?

Also, you shouldn't be logging user credentials. Username maybe. But most applications use a datasource so all database queries use the same user id anyway.
 
David Spades
Ranch Hand
Posts: 348
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
hibernate interceptor. and maybe I'm a little vague about user credential here. Yes, you're right, I would never record user's password in the log file (I couldn't anyway even if I wanted to), just the username so we know who issued the request that would in turn invoke all those SQL statements.
From your post, I understand that the logging of username is done by database because the credential in both application and database are the same for one user, is this correct? because usually for database credentials, I use user category as username only, not the real user credential, so if many users are in the same category, then they share the same database credential.
thanks
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic