Merged HEAD-BUG-FIX (4.3/Cloud) to HEAD (4.3/Cloud)

64785: Merged V4.2-BUG-FIX (4.2.2) to HEAD-BUG-FIX (4.3/Cloud) 64131: Merged DEV to V4.2-BUG-FIX (4.2.2) 63233: MNT-10767: Guard in AuditMethodInterceptor is too restrictive preventing subordinate service calls from producing data. - Modify AuditMethodInterceptor to audit subordinate public services 64123: MNT-10767: Guard in AuditMethodInterceptor is too restrictive preventing subordinate service calls from producing data. - Add unit test git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@66188 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
2025-08-07 17:49:17 +00:00 · 2014-04-02 19:53:27 +00:00
parent 5a833ba4ac
commit 23182c909d
6 changed files with 159 additions and 6 deletions
--- a/source/java/org/alfresco/repo/audit/AuditMethodInterceptor.java
+++ b/source/java/org/alfresco/repo/audit/AuditMethodInterceptor.java
@@ -187,7 +187,7 @@ public class AuditMethodInterceptor implements MethodInterceptor
        try
        {
            // If we are already in a nested audit call, there is nothing to do
-            if (wasInAudit != null)
+            if (Boolean.TRUE.equals(wasInAudit))
            {
                return mi.proceed();
            }
@@ -211,8 +211,6 @@ public class AuditMethodInterceptor implements MethodInterceptor
            }
            String methodName = mi.getMethod().getName();
            // Record that we have entered an audit method
            inAudit.set(Boolean.TRUE);
            return proceedWithAudit(mi, auditableDef, serviceName, methodName, namedArguments);
        }
        finally
@@ -228,7 +226,10 @@ public class AuditMethodInterceptor implements MethodInterceptor
            String methodName,
            Map<String, Serializable> namedArguments) throws Throwable
    {
        Boolean wasInAudit = inAudit.get();
        Map<String, Serializable> preAuditedData = null;
        // Record that we have entered an audit method
        inAudit.set(Boolean.TRUE);
        try
        {
            preAuditedData = auditInvocationBefore(serviceName, methodName, namedArguments);
@@ -241,7 +242,10 @@ public class AuditMethodInterceptor implements MethodInterceptor
                    "   Invocation: " + mi,
                    e);
        }
-        
+        finally
        {
            inAudit.set(wasInAudit);
        }        
        // Execute the call
        Object ret = null;
        Throwable thrown = null;
@@ -256,6 +260,8 @@ public class AuditMethodInterceptor implements MethodInterceptor
        // We don't ALWAYS want to record the return value
        Object auditRet = auditableDef.recordReturnedObject() ? ret : null;
        // Record that we have entered an audit method
        inAudit.set(Boolean.TRUE);
        try
        {
            auditInvocationAfter(serviceName, methodName, namedArguments, auditRet, thrown, preAuditedData);
@@ -268,7 +274,10 @@ public class AuditMethodInterceptor implements MethodInterceptor
                    "   Invocation: " + mi,
                    e);
        }
-        
+        finally
        {
            inAudit.set(wasInAudit);
        }        
        // Done
        if (thrown != null)
        {
--- a/source/test-java/org/alfresco/repo/audit/AuditComponentTest.java
+++ b/source/test-java/org/alfresco/repo/audit/AuditComponentTest.java
@@ -31,6 +31,7 @@ import java.util.Map;
 import junit.framework.TestCase;
 import org.alfresco.error.AlfrescoRuntimeException;
 import org.alfresco.model.ContentModel;
 import org.alfresco.repo.audit.model.AuditApplication;
 import org.alfresco.repo.audit.model.AuditModelException;
 import org.alfresco.repo.audit.model.AuditModelRegistryImpl;
@@ -48,6 +49,8 @@ import org.alfresco.service.cmr.repository.NodeRef;
 import org.alfresco.service.cmr.repository.NodeService;
 import org.alfresco.service.cmr.repository.StoreRef;
 import org.alfresco.service.cmr.security.MutableAuthenticationService;
 import org.alfresco.service.namespace.NamespaceService;
 import org.alfresco.service.namespace.QName;
 import org.alfresco.service.transaction.TransactionService;
 import org.alfresco.test_category.OwnJVMTestsCategory;
 import org.alfresco.util.ApplicationContextHelper;
@@ -75,10 +78,11 @@ public class AuditComponentTest extends TestCase
    private static final String APPLICATION_ACTIONS_TEST = "Actions Test";
    private static final String APPLICATION_API_TEST = "Test AuthenticationService";
    private static final String APPLICATION_ALF12638_TEST = "Test ALF-12638";
    private static final String APPLICATION_MNT10767_TEST = "Test MNT-10767";
    private static final Log logger = LogFactory.getLog(AuditComponentTest.class);
-    private static ApplicationContext ctx = ApplicationContextHelper.getApplicationContext();
+    private static ApplicationContext ctx = ApplicationContextHelper.getApplicationContext(new String[] {ApplicationContextHelper.CONFIG_LOCATIONS[0], "classpath:alfresco/testaudit/alfresco-audit-test-mnt-10767-context.xml"});
    private AuditModelRegistryImpl auditModelRegistry;
    private AuditComponent auditComponent;
@@ -787,6 +791,94 @@ public class AuditComponentTest extends TestCase
        assertTrue("There should be exactly one audit entry for the API test", success);
    }
   /**
     * See <a href="https://issues.alfresco.com/jira/browse/MNT-10767">MNT-10767</a>
     */
    public void testAuditSubordinateCall() throws Exception
    {
        AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName());
        AuditQueryParameters params = new AuditQueryParameters();
        params.setForward(true);
        params.setApplicationName(APPLICATION_MNT10767_TEST);
        // Load in the config for this specific test: alfresco-audit-test-mnt-10767
        URL testModelUrl = ResourceUtils.getURL("classpath:alfresco/testaudit/alfresco-audit-test-mnt-10767.xml");
        auditModelRegistry.registerModel(testModelUrl);
        auditModelRegistry.loadAuditModels();
        // There should be a log entry for the application
        final List<Long> results = new ArrayList<Long>(5);
        final StringBuilder sb = new StringBuilder();
        AuditQueryCallback auditQueryCallback = new AuditQueryCallback()
        {
            public boolean valuesRequired()
            {
                return true;
            }
            public boolean handleAuditEntry(Long entryId, String applicationName, String user, long time, Map<String, Serializable> values)
            {
                results.add(entryId);
                sb.append("Row: ").append(entryId).append(" | ").append(applicationName).append(" | ").append(user).append(" | ").append(new Date(time)).append(" | ").append(
                        values).append(" | ").append("\n");
                ;
                return true;
            }
            public boolean handleAuditEntryError(Long entryId, String errorMsg, Throwable error)
            {
                throw new AlfrescoRuntimeException(errorMsg, error);
            }
        };
        clearAuditLog(APPLICATION_MNT10767_TEST);
        results.clear();
        sb.delete(0, sb.length());
        queryAuditLog(auditQueryCallback, params, -1);
        assertTrue("There should be no audit entries for the API test after a clear", results.isEmpty());
        TestCreateFileFolderService testCreateFileFolderService = (TestCreateFileFolderService) ctx.getBean("TestCreateFileFolderService");
        NodeRef workingRootNodeRef = null;
        try
        {
            workingRootNodeRef = nodeService.createNode(nodeRef, ContentModel.ASSOC_CHILDREN,
                    QName.createQName(NamespaceService.ALFRESCO_URI, "working_root" + System.currentTimeMillis()), ContentModel.TYPE_FOLDER).getChildRef();
            testCreateFileFolderService.create(workingRootNodeRef, "TestFolder-" + System.currentTimeMillis(), ContentModel.TYPE_FOLDER);
            // Try this for a while until we get a result
            boolean success = false;
            for (int i = 0; i < 30; i++)
            {
                queryAuditLog(auditQueryCallback, params, -1);
                if (results.size() > 1)
                {
                    logger.debug(sb.toString());
                    success = true;
                    break;
                }
                synchronized (this)
                {
                    try
                    {
                        this.wait(1000L);
                    }
                    catch (InterruptedException e)
                    {
                    }
                }
            }
            assertTrue("There should be audit entry for the API test", success);
        }
        finally
        {
            if (workingRootNodeRef != null)
            {
                nodeService.deleteNode(workingRootNodeRef);
            }
        }
    }	
    public void testAuditOverlimitProperties() throws Exception
    {
        final int OVERLIMIT_SIZE = 1500;
--- a/source/test-java/org/alfresco/repo/audit/TestCreateFileFolderService.java
+++ b/source/test-java/org/alfresco/repo/audit/TestCreateFileFolderService.java
@@ -0,0 +1 @@
 package org.alfresco.repo.audit;
--- a/source/test-java/org/alfresco/repo/audit/TestCreateFileFolderServiceImpl.java
+++ b/source/test-java/org/alfresco/repo/audit/TestCreateFileFolderServiceImpl.java
@@ -0,0 +1 @@
 package org.alfresco.repo.audit;
--- a/source/test-resources/alfresco/testaudit/alfresco-audit-test-mnt-10767-context.xml
+++ b/source/test-resources/alfresco/testaudit/alfresco-audit-test-mnt-10767-context.xml
@@ -0,0 +1,24 @@
 <?xml version='1.0' encoding='UTF-8'?>
 <!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>
 <beans>
   <bean id="testCreateFileFolderService" class="org.alfresco.repo.audit.TestCreateFileFolderServiceImpl">
      <property name="fileFolderService"><ref bean="FileFolderService" /></property>
   </bean>
    <bean id="TestCreateFileFolderService" class="org.springframework.aop.framework.ProxyFactoryBean">
        <property name="proxyInterfaces">
            <value>org.alfresco.repo.audit.TestCreateFileFolderService</value>
        </property>
        <property name="target">
            <ref bean="testCreateFileFolderService"/>
        </property>
        <property name="interceptorNames">
            <list>
                <value>AuditMethodInterceptor</value>
            </list>
        </property>
    </bean>
 </beans>
--- a/source/test-resources/alfresco/testaudit/alfresco-audit-test-mnt-10767.xml
+++ b/source/test-resources/alfresco/testaudit/alfresco-audit-test-mnt-10767.xml
@@ -0,0 +1,26 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <Audit xmlns="http://www.alfresco.org/repo/audit/model/3.2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.alfresco.org/repo/audit/model/3.2 alfresco-audit-3.2.xsd">
    <DataExtractors>
        <DataExtractor name="simpleValue" registeredName="auditModel.extractor.simpleValue" />
    </DataExtractors>
    <PathMappings>
        <PathMap source="/alfresco-api/post/FileFolderService/create" target="/test-mnt-10767/FileFolderService/create" />
    </PathMappings>
    <Application name="Test MNT-10767" key="test-mnt-10767">
        <AuditPath key="FileFolderService">
            <AuditPath key="create">
                <RecordValue key="parentNodeRef" dataSource="/test-mnt-10767/FileFolderService/create/args/parentNodeRef"
                    dataTrigger="/test-mnt-10767/FileFolderService/create/no-error" dataExtractor="simpleValue" />
                <!-- Dummy path to trick around oddities in the AuditComponent "do we need to audit?" logic -->
                <AuditPath key="no-error" />
            </AuditPath>
        </AuditPath>
    </Application>
 </Audit>