Data Auditing in Spring Data JPA

Thanh Tran
Feb 3 · 3 min read

Many systems require auditing and tracking the change in the persistence layer. It is really helpful to investigate problems related to the data. Data auditing typically answers these questions: when was it created, who was create the record, when was it created, who modified the record last and when was it modified last. In this article, we will learn how to implement auditing features.

How Spring Data JPA support auditing

By now, Spring provides four annotations in the spring-data-commons module for auditing features. They are:

  • @CreatedByrepresents the principal that created the entity containing the field.
  • @CreatedDate represents the date the entity containing the field was created.
  • @LastModifiedBy represents the principal that recently modified the entity containing the field.
  • @LastModifiedDaterepresents the date the entity containing the field was recently modified.

Besides the four mentioned annotations, Spring also provides @EnableJpaAuditing that aims enable auditing feature.

The AuditingEntityListener

In order to explain how the auditing feature works in Spring Data JPA, we should be known about an important class that listens to the change of the entity. It is AuditingEntityListener class. The AuditingEntityListener is one of the key factors of auditing features in Spring. Its responsibility is to listen to an update or a creation of an entity then perform necessary tasks to fill auditing information to the entity based on the annotated annotation of the entity. This class relies on the JPA Entity lifecycle event.

Take a look at the AuditingEntityListener we saw to main methods touchForCreate and touchForUpdate one is decorated with @PrePersist and @PreUpdate respectively.

AuditingEntityListener in Spring Data JPA

Do you concern how Spring know who was created or modified the entity? The answer is spring doesn’t know how to fill the principal therefore we have to define a bean that has the implementation for org.springframework.data.domain.AuditorAware interface. At this time, I know that Spring has an implement in the spring security module. The name of the class is SpringSecurityAuditorAware. In case we don’t want to apply the SpringSecurityAuditorAware we have to make our own.

Example for auditing with Spring JPA

Project structure:

User table which created by the following data scripts

For this demo, I would like to define the auditable class separately then the main entity will extend the auditable class.

The AuditableEntity:

We set AuditingEntityListener to listen to events for the AuditableEntity and MappedSupperclass to allows the business entity can inherit this class. This reduces a lot of boiltplate code and more maintainable.

The User entity:

Configure essential beans and enable JpaAuditing:

As I have mentioned in the previous section, the auditing feature required a bean of AuditorAware so in the configuration class we just define that bean. To reduce the complexity of this demo, I have created a very basic implementation to AuditorAware that simply returns the user of the current machine where the application is running in.

I would like to skip the implementation for controllers, services, repositories, etc which we can found in my GitHub source repository.

Test our works

Start the demo application

sent a POST request with URL: http://localhost:8080/user/add

request body:

{    "userId": 1,    "firstName": "First Name updated",    "lastName": "Last Name"}

Verify the result by access h2-console following http://localhost:8080/h2-console/

Demo Source code

https://github.com/Programming-Sharing/spring-data-jpa-demo/tree/auditing-with-spring-data-jpa

Programming Sharing

We write about programming. We share about programming.

Sign up for Programming Sharings Newsletter

By Programming Sharing

Get new articles update by signing up our newsletter Take a look.

By signing up, you will create a Medium account if you don’t already have one. Review our Privacy Policy for more information about our privacy practices.

Check your inbox
Medium sent you an email at to complete your subscription.

Thanks to The Startup

Thanh Tran

Written by

Software Engineer at Terralogic. Blogger and Amateur Investor

Programming Sharing

The publication to share programming knowledge

Thanh Tran

Written by

Software Engineer at Terralogic. Blogger and Amateur Investor

Programming Sharing

The publication to share programming knowledge

Medium is an open platform where 170 million readers come to find insightful and dynamic thinking. Here, expert and undiscovered voices alike dive into the heart of any topic and bring new ideas to the surface. Learn more

Follow the writers, publications, and topics that matter to you, and you’ll see them on your homepage and in your inbox. Explore

If you have a story to tell, knowledge to share, or a perspective to offer — welcome home. It’s easy and free to post your thinking on any topic. Write on Medium

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store