Merged HEAD-BUG-FIX (5.0/Cloud) to HEAD (5.0/Cloud)

79033: Merged V4.2-BUG-FIX (4.2.4) to HEAD-BUG-FIX (5.0/Cloud)
      78970: Merged DEV to V4.2-BUG-FIX (4.2.4)
         78847: MNT-11760 : No auditing entries generated for failed logins with audit.alfresco-access.enabled=true configured
         Fixed audit logging for failed logins.
         78848: MNT-11760 : No auditing entries generated for failed logins with audit.alfresco-access.enabled=true configured
         Fixed tests to highlight the issue.


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@82681 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
Will Abson
2014-09-03 15:12:17 +00:00
parent 3726796d43
commit b91927c48c
4 changed files with 42 additions and 9 deletions


@@ -207,6 +207,19 @@ public interface AuditComponent
*/ */
Map<String, Serializable> recordAuditValues(String rootPath, Map<String, Serializable> values); Map<String, Serializable> recordAuditValues(String rootPath, Map<String, Serializable> values);
/**
* The same as {@link AuditComponent#recordAuditValues(String, Map)}, but with controlled usage of userFilter
*
* @param rootPath a base path of {@link AuditPath} key entries concatenated with the path separator
* '/' ({@link AuditApplication#AUDIT_PATH_SEPARATOR})
* @param values the values to audit mapped by {@link AuditPath} key relative to root path
* (may be <tt>null</tt>)
* @param useUserFilter if <tt>false<tt> the user filter is disabled.
* @return Returns the values that were actually persisted, keyed by their full path.
* @throws IllegalStateException if the transaction state could not be determined
*/
Map<String, Serializable> recordAuditValuesWithUserFilter(String rootPath, Map<String, Serializable> values, boolean useUserFilter);
/** /**
* Find audit entries using the given parameters * Find audit entries using the given parameters
* *
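Review bot: The Javadoc added for `recordAuditValuesWithUserFilter` does not say when a caller may pass `useUserFilter=false`, and its `@param useUserFilter` line has an unclosed tag (`<tt>false<tt>`). Because this is a method on the public `AuditComponent` interface, any caller can use the flag to record entries for users the configured user filter excludes, so the contract should name the intended use. I would write `@param useUserFilter if <tt>false</tt> the user filter is not applied; intended for security events such as failed authentication (MNT-11760) that must be recorded regardless of the user filter`. The method name also reads as if the filter is always applied, so the doc should make clear that `true` matches `recordAuditValues`.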


@@ -484,17 +484,21 @@ public class AuditComponentImpl implements AuditComponent
} }
} }
/** @Override
* {@inheritDoc}
* @since 3.2
*/
public Map<String, Serializable> recordAuditValues(String rootPath, Map<String, Serializable> values) public Map<String, Serializable> recordAuditValues(String rootPath, Map<String, Serializable> values)
{
return recordAuditValuesWithUserFilter(rootPath, values, true);
}
@Override
public Map<String, Serializable> recordAuditValuesWithUserFilter(String rootPath, Map<String, Serializable> values, boolean useUserFilter)
{ {
ParameterCheck.mandatory("rootPath", rootPath); ParameterCheck.mandatory("rootPath", rootPath);
AuditApplication.checkPathFormat(rootPath); AuditApplication.checkPathFormat(rootPath);
String username = AuthenticationUtil.getFullyAuthenticatedUser(); String username = AuthenticationUtil.getFullyAuthenticatedUser();
if (values == null || values.isEmpty() || !areAuditValuesRequired() || !userAuditFilter.acceptUser(username) || !auditFilter.accept(rootPath, values)) if (values == null || values.isEmpty() || !areAuditValuesRequired()
|| !(userAuditFilter.acceptUser(username) || !useUserFilter) || !auditFilter.accept(rootPath, values))
{ {
return Collections.emptyMap(); return Collections.emptyMap();
} }
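Review bot: In the guard of `recordAuditValuesWithUserFilter`, `userAuditFilter.acceptUser(username)` is still evaluated when `useUserFilter` is false. On the failed-login path `username` comes from `AuthenticationUtil.getFullyAuthenticatedUser()` and is presumably null. Testing the flag first skips that call and states the intent directly: `|| (useUserFilter && !userAuditFilter.acceptUser(username)) || !auditFilter.accept(rootPath, values))`. The rewritten `recordAuditValues` also appears to lose its Javadoc (`{@inheritDoc}`, `@since 3.2`), and the new method has no comment; one line noting that only the user filter is skipped, while `areAuditValuesRequired()` and `auditFilter.accept` still apply, would help the next reader. The method body continues past the end of this section.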


@@ -1,5 +1,5 @@
/* /*
* Copyright (C) 2005-2012 Alfresco Software Limited. * Copyright (C) 2005-2014 Alfresco Software Limited.
* *
* This file is part of Alfresco * This file is part of Alfresco
* *
@@ -36,6 +36,7 @@ import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.error.StackTraceUtil; import org.alfresco.error.StackTraceUtil;
import org.alfresco.repo.audit.model.AuditApplication; import org.alfresco.repo.audit.model.AuditApplication;
import org.alfresco.repo.domain.schema.SchemaBootstrap; import org.alfresco.repo.domain.schema.SchemaBootstrap;
import org.alfresco.repo.security.authentication.AuthenticationException;
import org.alfresco.repo.security.authentication.AuthenticationUtil; import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback; import org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback;
import org.alfresco.service.Auditable; import org.alfresco.service.Auditable;
@@ -517,7 +518,17 @@ public class AuditMethodInterceptor implements MethodInterceptor
{ {
public Map<String, Serializable> execute() throws Throwable public Map<String, Serializable> execute() throws Throwable
{ {
return auditComponent.recordAuditValues(rootPath, auditData); // Record thrown exceptions regardless of userFilter in case of failed authentication
// see MNT-11760
if (thrown instanceof AuthenticationException)
{
return auditComponent.recordAuditValuesWithUserFilter(rootPath, auditData, false);
}
else
{
return auditComponent.recordAuditValues(rootPath, auditData);
}
} }
}; };
try try
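Review bot: The `thrown instanceof AuthenticationException` test in `execute()` only matches when the failure reaches the interceptor as an `AuthenticationException` (or a subclass) itself. If any authentication path wraps it in another exception, which cannot be seen from this hunk, that failed login would still go through `recordAuditValues` and could be dropped by the user filter. That should be confirmed against the authentication components, or the cause chain should be checked as well. As a point of style the branch collapses to one call: `return auditComponent.recordAuditValuesWithUserFilter(rootPath, auditData, !(thrown instanceof AuthenticationException));`. The enclosing method starts and ends outside the hunk.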


@@ -108,7 +108,7 @@ public class AuditComponentTest extends TestCase
auditModelRegistry = (AuditModelRegistryImpl) ctx.getBean("auditModel.modelRegistry"); auditModelRegistry = (AuditModelRegistryImpl) ctx.getBean("auditModel.modelRegistry");
//MNT-10807 : Auditing does not take into account audit.filter.alfresco-access.transaction.user //MNT-10807 : Auditing does not take into account audit.filter.alfresco-access.transaction.user
UserAuditFilter userAuditFilter = new UserAuditFilter(); UserAuditFilter userAuditFilter = new UserAuditFilter();
userAuditFilter.setUserFilterPattern("System;.*"); userAuditFilter.setUserFilterPattern("~System;~null;.*");
userAuditFilter.afterPropertiesSet(); userAuditFilter.afterPropertiesSet();
auditComponent = (AuditComponent) ctx.getBean("auditComponent"); auditComponent = (AuditComponent) ctx.getBean("auditComponent");
auditComponent.setUserAuditFilter(userAuditFilter); auditComponent.setUserAuditFilter(userAuditFilter);
@@ -647,6 +647,7 @@ public class AuditComponentTest extends TestCase
{ {
try try
{ {
AuthenticationUtil.pushAuthentication();
authenticationService.authenticate("banana", "****".toCharArray()); authenticationService.authenticate("banana", "****".toCharArray());
fail("Invalid authentication attempt should fail"); fail("Invalid authentication attempt should fail");
} }
@@ -654,6 +655,10 @@ public class AuditComponentTest extends TestCase
{ {
// Expected // Expected
} }
finally
{
AuthenticationUtil.popAuthentication();
}
} }
// ALF-3055 : auditing of failures is now asynchronous, so loop up to 60 times with // ALF-3055 : auditing of failures is now asynchronous, so loop up to 60 times with
@@ -811,7 +816,7 @@ public class AuditComponentTest extends TestCase
*/ */
public void testAuditSubordinateCall() throws Exception public void testAuditSubordinateCall() throws Exception
{ {
AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName()); AuthenticationUtil.setAdminUserAsFullyAuthenticatedUser();
AuditQueryParameters params = new AuditQueryParameters(); AuditQueryParameters params = new AuditQueryParameters();
params.setForward(true); params.setForward(true);
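Review bot: In the failed-authentication test hunk, `AuthenticationUtil.pushAuthentication()` is called inside the `try` while `popAuthentication()` sits in `finally`, so a failure in the push itself would still trigger a pop on an unbalanced stack. Moving the push to the line before `try` keeps the pair symmetric. The new filter pattern `"~System;~null;.*"` is still explained only by the MNT-10807 comment. It presumably excludes the null (unauthenticated) user so that the failed-login test passes only when the filter is bypassed. A comment such as `// MNT-11760: exclude the null user so failed-login auditing must bypass the user filter` would record that intent, once that reading is confirmed.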