Automatic ORM Entity Auditing

I think that a good extension to ColdBox would be some kind of
automatic entity audit logging. I am just posting for any ideas on how
to implement it or whether there is anything already out there as I am
a novice with ColdBox.

I think it would be bad idea performance wise to use a single audit
table/entity type to log all actual entity changes. So I was wondering
whether I could automatically generate history entity types based on
the real ones using the metadata/reflection. Thus keeping historic
data away from current data but organised into separate tables for
performance. The generation of this maybe triggered by a component

Just throwing the idea out there for comments or suggestions really as
I am lazy and don't want to manually create (or maintain) history
entity types...



Sounds like an excellent use of a MongoDB logging plugin to me.

And AOP...


Well, yeah, sorta figured that was implied by the automatic entity
auditing :slight_smile: None the less, an excellent point.

Yep, sounds ideal.

Thanks guys

I have actually done something like this and have it running in one production application against an Oracle server.

I used the Java Envers project as inspiration and was hoping to get some time to clean it up a little and double check that it’s working with MSSQL and Oracle and then later I’d like to add other database support.

Currently works as a Coldbox interceptor and requires ORM event handling but would like to get it to be framework independent but of course it would still require the event handling.

Needs some more polishing and was hoping to implement on some other projects that require auditing to really flush out any issues but haven’t really had any since the original project I created this for.

I think that is fantastic. Maybe share it in forgebox

Luis Majano
Ortus Solutions, Corp
Toll free phone/fax: 1-888-557-8057
Mobile: 909-248-3408

This all sounds cool - it’s something I’ve been keen to get running for a long time (tried speaking to Railo about native implementation of Envers)

I have an old TransferORM based application which has an auditing solution that I put together.

The basic principle that mine follows is that if you want your class to be audited you have it extend model.orm.audited

ORM event handlers are then used to inspect objects pre-save, and if they’re an instance of the audited object their state is serialised as JSON and saved in an audit table.

The base class gives all kinds of functions for traversing through older versions to access history, rollback etc.

It would be great to get an implementation that didn’t rely on inheritance, perhaps using mixins or method injection, but at the time it seemed like the most logical solution.

Look forward to seeing how other people have this stuff implemented.


Use di to inject an audit object vi a composition

Luis Majano
Ortus Solutions, Corp
Toll free phone/fax: 1-888-557-8057
Mobile: 909-248-3408

Yeah that was my thoughts too.

I also had some ideas about extended meta data so you can choose which properties get audit, which relationships and to what depth get serialised as well.

It’s not something I’ve worked on actively in months, we built the plugin and it’s just been sat working ever since, and what with it being TransferORM based I don’t have much motivation to grow it, just wasn’t sure if some of the principles could be used for Hibernate too.


It has been my intention to make it available at forgebox and it has been my intention for a quite a while now.

I’ll have to dust off the project and figure out where it stands. All I really remember implementing is that is that it looks at ORM entities and if the component has an audited=true then it creates an audit component and programatically adds it to Wirebox and injects it into a master revinfo component which then listens to all ORM events and decides if they’re is any auditing to log.

It also generates and executes the ddl to create tables for storing the info all programatically.

It is basically - add the interceptor to Coldbox config, start the application and then everything is generated if it doesn’t already exist. It writes out the audit component so that you can customize a particular component if need be.

It was also on my list to control the granularity down to the individual properties but I haven’t gotten that far yet.

It lacked a reporting interface but it was on my list to create but I wasn’t given the requirement to build it at the time when I did the rest.

I’ll try and get it cleaned up and make it Forgebox ready because I’d be interested to see if others can benefit from it.


I think that is amazing yes put it up there and also do a github repo so people can contribute.

Luis Majano
Ortus Solutions, Corp
Toll free phone/fax: 1-888-557-8057
Mobile: 909-248-3408