I need to implement audit logging for a web application I build. I am using Spring Boot, MySQL and JPA (Hibernate) in development. I know there are solutions like Hibernate Envers for auditing at the Entity level. The problem is that the user (an admin user of the web app built) who will inspect these logs have no notion of Entities, he speaks in terms of user actions. What my customer asking is to be able to detect each action each user performs. For instance, he wants to list all actions performed in the last 2 days. He expects to see a table such as:
USER REQUESTED_ACTION REQUEST_TIME DETAILS ----- ---------------- ------------ --------- John Log in 2020-10-10 10:10 ----- John Create Assessment 2020-10-10 10:12 AssessmentDay:..., Result:Success
DETAILS column will contain information related to the action, such as inputs and outputs of the action. This column will differ for each action, it may contain a text in JSON, XML or any other format, does not matter. I see couple of problems arising here. The first one is that it requires a lot of work on the developer side, me. I can apply Spring AOP in the @Controller or @Service classes to build the DETAILS and other columns and save the information, but still not sure if that is a good solution. I am also thinking of using Envers and translating the Envers audit tables to above table which the user would like to see. I am not sure if that is possible though. Another option would be to just use Envers as is and educate the user about Entities. I would appreciate some guidance.
As you already more or less realised, Envers is NOT the right tool for the job. It deals with database changes while you deal with user actions, which might not even result in a database change, for example the "LOG IN" action you use as an example like does not trigger any database change.
Options I see are either AOP on controlers or services or alternatively a HandlerInterceptor