Things to know before creating ADF EMG Audit Rules

Owned by Richard Olrichs
Sept 16, 2014

We are currently working on Audit Rules from the Code Guidelines document (V2.00)

In the trunk is an xlsx document to keep track of the coding.
Both in the 12c as well as the 11g workspace there is a Test application you can use to create a rule violation and test if your code works as expected.

We have a separated workspace for 11g and for 12c, but they work with the same Java Source.
The idea is that we code the rule only once and reuse the java source in both projects.

In the Extension11g project and the Extension12c project, you have to create an AuditHook in the Extension.xml. 
In 12c: the ID of the AuditHook in the Extension.xml needs to match the ExtensionResource annotation in the analyzer. 
However, in 11g, this ExtensionResource annotation needs to match the category of the rule definition in the extension.xml.

For example, in the shared Java Source for the ViewObjectAnalyzer we have the following rule:
@ExtensionResource("org.adfemg.audits.adfbc.adfvo.read-only-vo")
private Rule READ_ONLY_VO;

In 11g, the rule definition in the extension.xml looks like this:

<pre>
<rule-definition category="org.adfemg.audits.adfbc.adfvo"
name="read-only-vo">
<severity>warning</severity>
</rule-definition>
</pre>

 

In the Extension.xml in 12c, you first need the correct id in the audit-hook, after that create the rule-definition: 

<pre>
<audit-hook id="org.adfemg.audits.adfbc.adfvo">
<rule-definition id="read-only-vo">
<category>adfvo</category>
<enabled>true</enabled>
<severity>warning</severity>
</rule-definition>
(...)
</audit-hook>
</pre>