Auditing

Auditing in JPA automatically tracks metadata about entity changes, such as who created, updated, or deleted a record and when. It is widely used in enterprise applications for accountability, compliance, historical tracking, and debugging.

In simpler terms:

Auditing tells you who did what and when in your application’s database.

Why Use Auditing?

• Keep track of who created, updated, or deleted records.
• Automatically record timestamps for entity changes.
• Supports compliance, logging, and debugging.
• Enables soft delete tracking and historical context.
• Reduces manual effort to maintain audit fields.

Common Audit Fields

Enable JPA Auditing

JPA Auditing allows Spring Data JPA to automatically populate audit fields like createdBy, createdDate, lastModifiedBy, and lastModifiedDate without manual intervention.

Add Spring Data JPA Dependency

Spring Data JPA provides built-in auditing support through annotations and entity listeners.

<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-jpa</artifactId>
</dependency>

Enable Auditing in Application

• Activates JPA auditing across the application
• Links auditing to a custom AuditorAware bean
• Enables automatic population of audit fields during save and update operations

@SpringBootApplication
@EnableJpaAuditing(auditorAwareRef = "auditorProvider")
publicclassMyAppApplication {
publicstaticvoidmain(String[] args) {
        SpringApplication.run(MyAppApplication.class, args);
    }
}

Provide an AuditorAware Implementation

• Supplies the current user for @CreatedBy and @LastModifiedBy
• Can be integrated with Spring Security to fetch authenticated users
• Ensures audit data remains consistent and automatic

@Component
publicclassAuditorAwareImplimplementsAuditorAware<String> {
@Override
public Optional<String>getCurrentAuditor() {
// Fetch from security context or other source
return Optional.of("system");// Replace with actual user
    }
}

How It Works Internally

Save/Update Entity
        ↓
AuditingEntityListener triggered
        ↓
AuditorAware providescurrentuser
        ↓
Audit fields populated automatically

Auditing Annotations

Spring Data JPA provides built-in annotations that automatically populate audit-related fields during entity lifecycle events such as create and update operations.

These annotations eliminate the need for manual timestamp and user tracking.

Auditing Annotations

Example Entity with Auditing

@Entity
@EntityListeners(AuditingEntityListener.class)
publicclassUser {

@Id
@GeneratedValue
private Long id;

private String name;

@CreatedBy
private String createdBy;

@CreatedDate
private LocalDateTime createdDate;

@LastModifiedBy
private String lastModifiedBy;

@LastModifiedDate
private LocalDateTime lastModifiedDate;

// Getters and setters
}

How This Works

• AuditingEntityListener listens to entity lifecycle events
• Audit fields are populated automatically on save() and update()
• No manual handling is required in controllers or services

Auditing with Soft Delete

Auditing becomes even more powerful when combined with soft delete, allowing you to track who deleted a record and when, instead of permanently removing it.

Soft Delete Audit Fields

@Column(name = "deleted_at")
private LocalDateTime deletedAt;

@Column(name = "deleted_by")
private String deletedBy;

Service Layer Example

user.setDeletedAt(LocalDateTime.now());
user.setDeletedBy(currentUser);
userRepository.save(user);

Best Practices

• Always use @CreatedDate and @LastModifiedDate for timestamps.
• Use @CreatedBy and @LastModifiedBy with Spring Security for real users.
• Combine auditing with soft delete for full historical tracking.
• Avoid storing sensitive data directly in audit fields.
• Prefer LocalDateTime over Date.
• Index audit columns (createdDate, deletedAt) if needed for reporting.

Auditing in REST APIs

• Auditing happens automatically when saving or updating entities.
• Controllers do not need to set audit fields manually.

Example:

@PostMapping("/users")
public UsercreateUser(@RequestBody User user) {
return userRepository.save(user);
}

• createdBy and createdDate are automatically populated.
• Ensures consistent and reliable audit data for every transaction.

Advanced Features

• Fetch the current authenticated user dynamically using AuditorAware.
• Track auditing for embedded entities using @Embedded.
• Combine auditing with DTO projections to expose audit info in APIs.
• Maintain a separate audit log table for complete historical records.

Conclusion

Auditing in Spring Boot / JPA automates tracking of entity creation, modification, and deletion.

• Provides accountability, compliance, and historical tracking.
• Integrates seamlessly with soft delete, DTOs, and REST APIs.
• Using LocalDateTime, AuditorAware, and JPA annotations ensures robust, maintainable, and enterprise-ready applications.