Don't fear the Audit -- Part 1
By John 'JB' Brock on Aug 15, 2011
Have you ever looked at the JDeveloper IDE, while you're writing code, and seen the warnings or errors that come up in the left and right gutters? Have you thought, "wouldn't it be great if the editor caught XYZ in my code?"
Well, you can write your own Audit extension to have the IDE look for just about anything.
The Audit Framework that comes with JDeveloper is very powerful, and really not that hard to extend. It can help with maintaining company standards, or enforcing efficiency and protocol standards that may be set by your team.
You can even go as far as to write transforms (fixes) that will make the changes to the code for you when it finds something that you pre-defined.
For this topic, I'm going to use a project that I wrote specifically for this example. You can download the entire project as a .zip file and place it into your work directory if you like. I'm using JDeveloper 11gR2 for this example project. If you don't have this latest release, you can still follow along and I will try to point out the differences between the R1 syntax and the newer R2 syntax.
UPDATE (02/17/2012): There has been a nice write up about this topic, specifically done for 11gR1 over on Arvinder Singh's blog If you are using 11gR1 (11.1.1.x) then I would head over there as well.
In Part One of this topic, I'll cover the writing of the analyzer, to find the suspect code and send a report to the IDE. In Part Two, I'll cover how to write a transform to automate the modification of what you report in the analyzer.
For most audits setting up the analyzer and having it report something to the IDE is all you need to do.
This is broken down into two parts.
- Declarative entries in the extension.xml file
- Analyzer class
Let's start in the extension.xml file and work from there.
As you can see, we are going to add an <audit-hook> element to the file. If you are using JDev 11gR1, this will go into the <hooks> section, if you are using 11gR2, this goes into the <triggers> section. Otherwise, the syntax is the same.
Let's take a closer look at each of the elements in the example above.
The <audit-hook> ID parameter must be a unique id.
The <category-definition> is what tells the IDE where to display the rules when you look at the Tools >> Preferences >> Audits >> Profiles dialog.
There is a label, description, and message parameter for the category-definition element. I've set these in a Resource file instead of putting them directly in the extension.xml file. I've done the same thing for the <rule-definition> element. Here is what that resource file looks like.
The <rule-definition> element is really where everything is setup.
The ID parameter has to be a unique string.
The category is set to the category that you defined above, or an existing category that you know the ID of.
Enabled is set to true or false. This is very important. If this is set to true, the IDE will run your audit as soon as the file is loaded in the editor. It's best to set this to False until you know what impact your audit is going to have on performance of the editor. If you do something really time intensive in the analyzer class, it could bring the editor to a crawl.
The severity element can be set to one of four options.
All of these have a different way of displaying in the IDE when they are encountered by the audit framework. The Error value will stop the compiler from completing until the issue is resolved.
The parameter element is optional. This is what you will use to pass any values back from the audit. You may want to pass a value back to be used in the message that is displayed in the editor when you mouse over the issue. Take a look at the Resource file example that I included above, and you will see how I am using the "currentsize" parameter in my message.
Multiple Rules can be setup in an audit-hook element. However only one analyzer class can be referenced per audit-hook so it's best to group rules into common analyzers.
The <analyzer-definition> element is set to point to the analyzer class that the rules will be implemented in.
The Analyzer Class
The analyzer class is where all of the real work is done.
An analyzer class must be a subclass of oracle.jdeveloper.audit.analyzer.Analyzer.
Before Audit begins each traversal, it creates new Analyzers instances, creates and configures new Rule instances, and injects the rules into the analyzers. The @ExtensionResource annotation on the INVALID_FETCH_SIZE field instructs Audit to inject the instance of the Invalid Fetch Size rule into the field. The analyzer will need the instance stored in that field to report an issue.
In this class you can implement validation code for the workspace (application), project, document, and element. In the traversal, the audit framework will visit the objects in the model as follows:
- Enter Root
- Enter Workspace
- Enter Document
- Enter Element
- Exit Element
- Exit Document
- Exit Workspace
- Exit Root
For this example, I don't have any validating to do in the workspace or project methods, so I'll skip down the document method and start there.
In this method I check to see if the first node in the document is "ViewObject" and if the file name ends with VO.xml. If this criteria is not met, then we set the setEnabled() method to false, disabling the audit for this traversal.
When the setEnabled() method is set to False, it stops the traversal from going any deeper into the process. It will immediately start the return trip in the traversal and call the appropriate Exit methods.
If this method passes, then it continues down into the Enter method for the Element. You do not need to do a setEnabled(true).
Here we check to make sure that the FetchSize element exists and if so, and if it does, we check to see if a value has been set. We do our test to see if the value is greater then 100 and if so, we return the report, adding our parameter that we set in the extension.xml.
If we had created multiple rules in the extension.xml file, and they all defined some kind of audit on a ViewObject, we could do multiple validations here in this method.
You would need to add an additional @ExtensionRegistry and "private Rule" definition for each rule at the top of the class, and then set the report variable to send out the report to the different rules as needed.
To run your audit, you can click on whichever object you want to run the audit against (Workspace, Project, file) and then click on the Build menu in the main menu bar. At the very bottom of the menu list, you will see "Audit <object>".
You'll notice in the example above, I have the Project selected in the Navigator window, and in the Build menu, it is showing "Audit Audit-Sample.jpr" which will run my audit against all of the files in the project.
To make sure your audit rule will be run, look at the Tools >> Preferences >> Audits >> Profiles dialog and make sure your rule is checked.
Getting Audit Extensions to load in 11gR2
If you are working with 11gR2, you will find that the audit extension will not fully load when you run it. Looking at Help >> About >> Extensions you will see that your extension has "Triggers loaded" but it never gets to "Fully loaded". This is a result of the lazy loading feature introduced with 11gR2. To get the extension to load when it's first initialized, we add the following element to the <audit-hook> element.
The value for <technology> is a technologyKey and will cause the extension to be loaded when a project is initialized that uses this technology. For this example, I've set it to ADFbc since I am doing an audit against an ADF application with the ADFbc feature enabled.
In this post I covered the basics of creating an audit extension that audits and XML file. In Part Two I add a transform (fix) to this same project.
A very special Thank You! to Louis Tribble (Audit Framework master) and Jun Shozaki who spent countless hours traveling the internal roads of the Audit framework, and thankfully documenting them. Without these two developers, this topic would not be written.