Integrate AuditKit into your Spring Boot application with the official Java SDK. Annotation-driven audit logging, Spring AOP integration, and JPA entity listeners.
Spring Boot is the dominant framework for enterprise Java applications. The AuditKit Java SDK provides annotation-driven audit logging through Spring AOP, JPA entity listeners for automatic persistence-layer tracking, and Spring Security integration for authentication event capture. The SDK follows Spring conventions with auto-configuration, conditional beans, and property-based configuration.
Add AuditKit to your Maven or Gradle project.
<!-- Maven -->
<dependency>
<groupId>dev.auditkit</groupId>
<artifactId>auditkit-spring-boot-starter</artifactId>
<version>1.0.0</version>
</dependency>
// Gradle
implementation 'dev.auditkit:auditkit-spring-boot-starter:1.0.0'Add AuditKit configuration to application.yml.
# application.yml
auditkit:
api-key: ${AUDITKIT_API_KEY}
tenant-header: X-Tenant-ID
auto-log-security: trueAdd @AuditLog to controller methods or service methods.
@RestController
@RequestMapping("/api/users")
public class UserController {
@PostMapping("/{id}/role")
@AuditLog(action = "user.role_changed", targetType = "user")
public ResponseEntity<User> changeRole(
@PathVariable String id,
@RequestBody RoleUpdateRequest request) {
User user = userService.changeRole(id, request.getRole());
return ResponseEntity.ok(user);
}
}Annotate JPA entities for automatic change tracking.
@Entity
@Audited // AuditKit JPA annotation
public class Document {
@Id
private String id;
@AuditField // Track changes to this field
private String title;
@AuditField
private String status;
private String content; // Not tracked
}Here is a complete example showing AuditKit integrated into a Spring Boot application with authentication logging, data access tracking, and explicit event capture.
// Application configuration (auto-configured by starter)
// application.yml:
// auditkit:
// api-key: ${AUDITKIT_API_KEY}
// tenant-header: X-Tenant-ID
@RestController
@RequestMapping("/api/invoices")
public class InvoiceController {
private final AuditKitClient auditkit;
private final InvoiceService invoiceService;
public InvoiceController(AuditKitClient auditkit, InvoiceService service) {
this.auditkit = auditkit;
this.invoiceService = service;
}
@PostMapping
@AuditLog(action = "invoice.created", targetType = "invoice")
public ResponseEntity<Invoice> create(@RequestBody CreateInvoiceRequest req) {
return ResponseEntity.ok(invoiceService.create(req));
}
@PostMapping("/{id}/refund")
public ResponseEntity<Invoice> refund(
@PathVariable String id,
@AuthenticationPrincipal UserDetails user) {
Invoice invoice = invoiceService.findById(id);
String previousStatus = invoice.getStatus();
invoiceService.refund(id);
auditkit.log(AuditEvent.builder()
.action("invoice.refunded")
.actor(Actor.of(user.getUsername(), user.getEmail()))
.target(Target.of("invoice", id))
.metadata(Map.of(
"invoice_number", invoice.getNumber(),
"amount", invoice.getAmount().toString(),
"previous_status", previousStatus
))
.build());
return ResponseEntity.ok(invoice);
}
}@AuditLog annotation for declarative method-level logging
JPA entity listeners with @Audited and @AuditField annotations
Spring Security event listeners for authentication logging
Spring AOP aspects for cross-cutting audit concerns
WebFilter for automatic HTTP request logging
Reactor/WebFlux support for reactive applications
Add the auditkit-spring-boot-starter dependency, configure your API key in application.yml, and use the @AuditLog annotation on controller or service methods. For JPA-level tracking, annotate entities with @Audited and mark specific fields with @AuditField.
Yes. The AuditKit Spring Boot starter automatically registers Spring Security event listeners that capture authentication successes, failures, session events, and authorization decisions as audit events.
Get started with tamper-proof audit trails in minutes. Open source, from $99/mo.