inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-08-07 17:49:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merged HEAD-BUG-FIX (5.0/Cloud) to HEAD (5.0/Cloud)

Browse Source 
79033: Merged V4.2-BUG-FIX (4.2.4) to HEAD-BUG-FIX (5.0/Cloud)
      78970: Merged DEV to V4.2-BUG-FIX (4.2.4)
         78847: MNT-11760 : No auditing entries generated for failed logins with audit.alfresco-access.enabled=true configured
         Fixed audit logging for failed logins.
         78848: MNT-11760 : No auditing entries generated for failed logins with audit.alfresco-access.enabled=true configured
         Fixed tests to highlight the issue.


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@82681 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Will Abson
2014-09-03 15:12:17 +00:00
parent 3726796d43
commit b91927c48c
4 changed files with 42 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
source/java/org/alfresco/repo/audit/AuditComponent.java
View File

@@ -207,6 +207,19 @@ public interface AuditComponent
*/
Map<String, Serializable> recordAuditValues(String rootPath, Map<String, Serializable> values);
/**
* The same as {@link AuditComponent#recordAuditValues(String, Map)}, but with controlled usage of userFilter
*
* @param rootPath a base path of {@link AuditPath} key entries concatenated with the path separator
* '/' ({@link AuditApplication#AUDIT_PATH_SEPARATOR})
* @param values the values to audit mapped by {@link AuditPath} key relative to root path
* (may be <tt>null</tt>)
* @param useUserFilter if <tt>false<tt> the user filter is disabled.
* @return Returns the values that were actually persisted, keyed by their full path.
* @throws IllegalStateException if the transaction state could not be determined
*/
Map<String, Serializable> recordAuditValuesWithUserFilter(String rootPath, Map<String, Serializable> values, boolean useUserFilter);
/**
* Find audit entries using the given parameters
*

14
source/java/org/alfresco/repo/audit/AuditComponentImpl.java
View File

@@ -484,17 +484,21 @@ public class AuditComponentImpl implements AuditComponent
}
}
/**
* {@inheritDoc}
* @since 3.2
*/
@Override
public Map<String, Serializable> recordAuditValues(String rootPath, Map<String, Serializable> values)
{
return recordAuditValuesWithUserFilter(rootPath, values, true);
}
@Override
public Map<String, Serializable> recordAuditValuesWithUserFilter(String rootPath, Map<String, Serializable> values, boolean useUserFilter)
{
ParameterCheck.mandatory("rootPath", rootPath);
AuditApplication.checkPathFormat(rootPath);
String username = AuthenticationUtil.getFullyAuthenticatedUser();
if (values == null || values.isEmpty() || !areAuditValuesRequired() || !userAuditFilter.acceptUser(username) || !auditFilter.accept(rootPath, values))
if (values == null || values.isEmpty() || !areAuditValuesRequired()
|| !(userAuditFilter.acceptUser(username) || !useUserFilter) || !auditFilter.accept(rootPath, values))
{
return Collections.emptyMap();
}

13
source/java/org/alfresco/repo/audit/AuditMethodInterceptor.java
View File

@@ -1,5 +1,5 @@
/*
* Copyright (C) 2005-2012 Alfresco Software Limited.
* Copyright (C) 2005-2014 Alfresco Software Limited.
*
* This file is part of Alfresco
*
@@ -36,6 +36,7 @@ import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.error.StackTraceUtil;
import org.alfresco.repo.audit.model.AuditApplication;
import org.alfresco.repo.domain.schema.SchemaBootstrap;
import org.alfresco.repo.security.authentication.AuthenticationException;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback;
import org.alfresco.service.Auditable;
@@ -516,8 +517,18 @@ public class AuditMethodInterceptor implements MethodInterceptor
new RetryingTransactionCallback<Map<String, Serializable>>()
{
public Map<String, Serializable> execute() throws Throwable
{
// Record thrown exceptions regardless of userFilter in case of failed authentication
// see MNT-11760
if (thrown instanceof AuthenticationException)
{
return auditComponent.recordAuditValuesWithUserFilter(rootPath, auditData, false);
}
else
{
return auditComponent.recordAuditValues(rootPath, auditData);
}
}
};
try

9
source/test-java/org/alfresco/repo/audit/AuditComponentTest.java
View File

@@ -108,7 +108,7 @@ public class AuditComponentTest extends TestCase
auditModelRegistry = (AuditModelRegistryImpl) ctx.getBean("auditModel.modelRegistry");
//MNT-10807 : Auditing does not take into account audit.filter.alfresco-access.transaction.user
UserAuditFilter userAuditFilter = new UserAuditFilter();
userAuditFilter.setUserFilterPattern("System;.*");
userAuditFilter.setUserFilterPattern("~System;~null;.*");
userAuditFilter.afterPropertiesSet();
auditComponent = (AuditComponent) ctx.getBean("auditComponent");
auditComponent.setUserAuditFilter(userAuditFilter);
@@ -647,6 +647,7 @@ public class AuditComponentTest extends TestCase
{
try
{
AuthenticationUtil.pushAuthentication();
authenticationService.authenticate("banana", "****".toCharArray());
fail("Invalid authentication attempt should fail");
}
@@ -654,6 +655,10 @@ public class AuditComponentTest extends TestCase
{
// Expected
}
finally
{
AuthenticationUtil.popAuthentication();
}
}
// ALF-3055 : auditing of failures is now asynchronous, so loop up to 60 times with
@@ -811,7 +816,7 @@ public class AuditComponentTest extends TestCase
*/
public void testAuditSubordinateCall() throws Exception
{
AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName());
AuthenticationUtil.setAdminUserAsFullyAuthenticatedUser();
AuditQueryParameters params = new AuditQueryParameters();
params.setForward(true);