From 60d2a006444da23257c1bae006ae803bae868fa5 Mon Sep 17 00:00:00 2001 From: Mihai Cozma Date: Wed, 15 Jun 2016 15:42:11 +0300 Subject: [PATCH 1/2] RM-3293 RM Audit History does not log Cutoff --- .../alfresco-global.properties | 2 + .../org_alfresco_module_rm/rm-job-context.xml | 3 +- .../job/RecordsManagementJob.java | 58 +++++++++++-------- 3 files changed, 37 insertions(+), 26 deletions(-) diff --git a/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/alfresco-global.properties b/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/alfresco-global.properties index 221a3f5fc1..62a73628b5 100644 --- a/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/alfresco-global.properties +++ b/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/alfresco-global.properties @@ -17,6 +17,8 @@ imap.server.attachments.extraction.enabled=false # audit.enabled=true audit.rm.enabled=true +audit.rm.runasadmin=false +#audit.filter.alfresco-access.transaction.user=~null;.* # # Extended permission service cache sizing diff --git a/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/rm-job-context.xml b/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/rm-job-context.xml index c975a79827..15f556cd54 100644 --- a/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/rm-job-context.xml +++ b/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/rm-job-context.xml @@ -59,6 +59,7 @@ + @@ -94,7 +95,7 @@ - + diff --git a/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/job/RecordsManagementJob.java b/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/job/RecordsManagementJob.java index 409a0f0d32..e885782798 100644 --- a/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/job/RecordsManagementJob.java +++ b/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/job/RecordsManagementJob.java @@ -42,12 +42,12 @@ import org.apache.commons.logging.LogFactory; import org.quartz.Job; import org.quartz.JobExecutionContext; import org.quartz.JobExecutionException; +import org.springframework.scheduling.quartz.QuartzJobBean; /** * Base records management job implementation. *

- * Delegates job execution and ensures locking - * is enforced. + * Delegates job execution and ensures locking is enforced. * * @author Roy Wetherall */ @@ -55,6 +55,9 @@ public class RecordsManagementJob implements Job { private static Log logger = LogFactory.getLog(RecordsManagementJob.class); + /** indicates whether the audit history should be run as admin or not */ + private boolean runAsAdmin = false; + private static final long DEFAULT_TIME = 30000L; private JobLockService jobLockService; @@ -67,17 +70,17 @@ public class RecordsManagementJob implements Job { return QName.createQName(NamespaceService.SYSTEM_MODEL_1_0_URI, jobName); } - + private class LockCallback implements JobLockRefreshCallback { final AtomicBoolean running = new AtomicBoolean(true); - + @Override public boolean isActive() { return running.get(); } - + @Override public void lockReleased() { @@ -85,11 +88,10 @@ public class RecordsManagementJob implements Job } } - /** - * Attempts to get the lock. If the lock couldn't be taken, then null is returned. + * Attempts to get the lock. If the lock couldn't be taken, then null is returned. * - * @return Returns the lock token or null + * @return Returns the lock token or null */ private String getLock() { @@ -107,27 +109,21 @@ public class RecordsManagementJob implements Job public void execute(JobExecutionContext context) throws JobExecutionException { // get the job lock service - jobLockService = (JobLockService)context.getJobDetail().getJobDataMap().get("jobLockService"); - if (jobLockService == null) - { - throw new AlfrescoRuntimeException("Job lock service has not been specified."); - } + jobLockService = (JobLockService) context.getJobDetail().getJobDataMap().get("jobLockService"); + if (jobLockService == null) { throw new AlfrescoRuntimeException("Job lock service has not been specified."); } // get the job executer - jobExecuter = (RecordsManagementJobExecuter)context.getJobDetail().getJobDataMap().get("jobExecuter"); - if (jobExecuter == null) - { - throw new AlfrescoRuntimeException("Job executer has not been specified."); - } + jobExecuter = (RecordsManagementJobExecuter) context.getJobDetail().getJobDataMap().get("jobExecuter"); + if (jobExecuter == null) { throw new AlfrescoRuntimeException("Job executer has not been specified."); } // get the job name - jobName = (String)context.getJobDetail().getJobDataMap().get("jobName"); - if (jobName == null) - { - throw new AlfrescoRuntimeException("Job name has not been specified."); - } + jobName = (String) context.getJobDetail().getJobDataMap().get("jobName"); + if (jobName == null) { throw new AlfrescoRuntimeException("Job name has not been specified."); } + + setRunAsAdmin(Boolean.parseBoolean((String) context.getJobDetail().getJobDataMap().get("runAsAdmin"))); final LockCallback lockCallback = new LockCallback(); + AuthenticationUtil.runAs(new RunAsWork() { public Void doWork() @@ -154,7 +150,8 @@ public class RecordsManagementJob implements Job // Ignore if (logger.isDebugEnabled()) { - logger.debug("Lock release failed: " + getLockQName() + ": " + lockToken + "(" + e.getMessage() + ")"); + logger.debug("Lock release failed: " + getLockQName() + ": " + lockToken + "(" + + e.getMessage() + ")"); } } } @@ -163,6 +160,17 @@ public class RecordsManagementJob implements Job // return return null; } - }, AuthenticationUtil.getSystemUserName()); + }, this.runAsAdmin ? AuthenticationUtil.getAdminUserName() : AuthenticationUtil.getSystemUserName()); } + + public boolean isRunAsAdmin() + { + return runAsAdmin; + } + + public void setRunAsAdmin(boolean runAsAdmin) + { + this.runAsAdmin = runAsAdmin; + } + } From cdf9807aec3c1240f07bf8a49017210f5580b260 Mon Sep 17 00:00:00 2001 From: Mihai Cozma Date: Thu, 23 Jun 2016 12:10:06 +0300 Subject: [PATCH 2/2] RM-3293 RM Audit History does not log --- .../alfresco-global.properties | 5 +- .../org_alfresco_module_rm/rm-job-context.xml | 38 +++++++------- .../job/DispositionLifecycleJobExecuter.java | 42 ++++++++++----- .../job/RecordsManagementJob.java | 51 +++++++++++++++---- 4 files changed, 91 insertions(+), 45 deletions(-) diff --git a/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/alfresco-global.properties b/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/alfresco-global.properties index 62a73628b5..8391868971 100644 --- a/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/alfresco-global.properties +++ b/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/alfresco-global.properties @@ -17,7 +17,8 @@ imap.server.attachments.extraction.enabled=false # audit.enabled=true audit.rm.enabled=true -audit.rm.runasadmin=false +#audit.rm.runas=admin + #audit.filter.alfresco-access.transaction.user=~null;.* # @@ -48,7 +49,7 @@ rm.autocompletesuggestion.nodeParameterSuggester.aspectsAndTypes=rma:record,cm:c # # Global RM disposition lifecycle trigger cron job expression # -rm.dispositionlifecycletrigger.cronexpression=0 0/5 * * * ? +rm.dispositionlifecycletrigger.cronexpression=0 0/2 * * * ? # # Records contributors group diff --git a/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/rm-job-context.xml b/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/rm-job-context.xml index 15f556cd54..44bd92fe34 100644 --- a/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/rm-job-context.xml +++ b/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/rm-job-context.xml @@ -51,24 +51,25 @@ - - - - org.alfresco.module.org_alfresco_module_rm.job.RecordsManagementJob - - - - - - - - - - - - - - + + + + + org.alfresco.module.org_alfresco_module_rm.job.RecordsManagementJob + + + + + + + + + + + + + + + diff --git a/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/job/DispositionLifecycleJobExecuter.java b/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/job/DispositionLifecycleJobExecuter.java index 2043244909..aadbbf6f19 100644 --- a/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/job/DispositionLifecycleJobExecuter.java +++ b/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/job/DispositionLifecycleJobExecuter.java @@ -43,16 +43,13 @@ import org.alfresco.service.cmr.repository.NodeService; import org.alfresco.service.cmr.repository.StoreRef; import org.alfresco.service.cmr.search.ResultSet; import org.alfresco.service.cmr.search.SearchService; +import org.alfresco.service.cmr.security.AuthenticationService; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; /** - * The Disposition Lifecycle Job Finds all disposition action nodes which are - * for disposition actions specified Where asOf > now OR - * dispositionEventsEligible = true; - * - * Runs the cut off or retain action for - * eligible records. + * The Disposition Lifecycle Job Finds all disposition action nodes which are for disposition actions specified Where + * asOf > now OR dispositionEventsEligible = true; Runs the cut off or retain action for eligible records. * * @author mrogers * @author Roy Wetherall @@ -77,10 +74,13 @@ public class DispositionLifecycleJobExecuter extends RecordsManagementJobExecute /** search service */ private SearchService searchService; + /** authenticationService service */ + private AuthenticationService authenticationService; + /** * List of disposition actions to automatically execute when eligible. * - * @param dispositionActions disposition actions + * @param dispositionActions disposition actions */ public void setDispositionActions(List dispositionActions) { @@ -88,7 +88,7 @@ public class DispositionLifecycleJobExecuter extends RecordsManagementJobExecute } /** - * @param recordsManagementActionService records management action service + * @param recordsManagementActionService records management action service */ public void setRecordsManagementActionService(RecordsManagementActionService recordsManagementActionService) { @@ -96,7 +96,7 @@ public class DispositionLifecycleJobExecuter extends RecordsManagementJobExecute } /** - * @param nodeService node service + * @param nodeService node service */ public void setNodeService(NodeService nodeService) { @@ -114,7 +114,7 @@ public class DispositionLifecycleJobExecuter extends RecordsManagementJobExecute /** * Get the search query string. * - * @return job query string + * @return job query string */ protected String getQuery() { @@ -165,7 +165,8 @@ public class DispositionLifecycleJobExecuter extends RecordsManagementJobExecute if (dispositionActions != null && !dispositionActions.isEmpty()) { // execute search - ResultSet results = searchService.query(StoreRef.STORE_REF_WORKSPACE_SPACESSTORE, SearchService.LANGUAGE_FTS_ALFRESCO, getQuery()); + ResultSet results = searchService.query(StoreRef.STORE_REF_WORKSPACE_SPACESSTORE, + SearchService.LANGUAGE_FTS_ALFRESCO, getQuery()); List resultNodes = results.getNodeRefs(); results.close(); @@ -183,7 +184,8 @@ public class DispositionLifecycleJobExecuter extends RecordsManagementJobExecute { public Boolean execute() { - final String dispAction = (String) nodeService.getProperty(currentNode, RecordsManagementModel.PROP_DISPOSITION_ACTION); + final String dispAction = (String) nodeService.getProperty(currentNode, + RecordsManagementModel.PROP_DISPOSITION_ACTION); // Run disposition action if (dispAction != null && dispositionActions.contains(dispAction)) @@ -192,12 +194,14 @@ public class DispositionLifecycleJobExecuter extends RecordsManagementJobExecute if (parent.getTypeQName().equals(RecordsManagementModel.ASSOC_NEXT_DISPOSITION_ACTION)) { Map props = new HashMap(1); - props.put(RMDispositionActionExecuterAbstractBase.PARAM_NO_ERROR_CHECK, Boolean.FALSE); + props.put(RMDispositionActionExecuterAbstractBase.PARAM_NO_ERROR_CHECK, + Boolean.FALSE); try { // execute disposition action - recordsManagementActionService.executeRecordsManagementAction(parent.getParentRef(), dispAction, props); + recordsManagementActionService.executeRecordsManagementAction( + parent.getParentRef(), dispAction, props); if (logger.isDebugEnabled()) { @@ -236,4 +240,14 @@ public class DispositionLifecycleJobExecuter extends RecordsManagementJobExecute } } } + + public AuthenticationService getAuthenticationService() + { + return authenticationService; + } + + public void setAuthenticationService(AuthenticationService authenticationService) + { + this.authenticationService = authenticationService; + } } diff --git a/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/job/RecordsManagementJob.java b/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/job/RecordsManagementJob.java index e885782798..a1dc0c3a65 100644 --- a/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/job/RecordsManagementJob.java +++ b/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/job/RecordsManagementJob.java @@ -42,7 +42,6 @@ import org.apache.commons.logging.LogFactory; import org.quartz.Job; import org.quartz.JobExecutionContext; import org.quartz.JobExecutionException; -import org.springframework.scheduling.quartz.QuartzJobBean; /** * Base records management job implementation. @@ -55,14 +54,14 @@ public class RecordsManagementJob implements Job { private static Log logger = LogFactory.getLog(RecordsManagementJob.class); - /** indicates whether the audit history should be run as admin or not */ - private boolean runAsAdmin = false; + /** which user should be used to log audit */ + private String runAuditAs = AuthenticationUtil.getSystemUserName(); private static final long DEFAULT_TIME = 30000L; private JobLockService jobLockService; - private RecordsManagementJobExecuter jobExecuter; + private RecordsManagementJobExecuter jobExecuter = null; private String jobName; @@ -105,9 +104,12 @@ public class RecordsManagementJob implements Job } } - @Override + /** + * @see org.quartz.Job#execute(org.quartz.JobExecutionContext) + */ public void execute(JobExecutionContext context) throws JobExecutionException { + // get the job lock service jobLockService = (JobLockService) context.getJobDetail().getJobDataMap().get("jobLockService"); if (jobLockService == null) { throw new AlfrescoRuntimeException("Job lock service has not been specified."); } @@ -118,9 +120,35 @@ public class RecordsManagementJob implements Job // get the job name jobName = (String) context.getJobDetail().getJobDataMap().get("jobName"); + if (jobName == null) { throw new AlfrescoRuntimeException("Job name has not been specified."); } - setRunAsAdmin(Boolean.parseBoolean((String) context.getJobDetail().getJobDataMap().get("runAsAdmin"))); + if (jobName.compareTo("dispositionLifecycle") == 0) + { + //RM-3293 - set user for audit + if (jobExecuter instanceof DispositionLifecycleJobExecuter) + { + String auditUser = (String) context.getJobDetail().getJobDataMap().get("runAuditAs"); + if (((DispositionLifecycleJobExecuter) jobExecuter).getAuthenticationService() + .authenticationExists(auditUser)) + { + + setRunAuditAs(auditUser); + } + else + { + setRunAuditAs(AuthenticationUtil.getSystemUserName()); + } + + } + + if (logger.isDebugEnabled()) + { + logger.debug("DispositionLifecycleJobExecuter() logged audit history with user: " + getRunAuditAs()); + + } + + } final LockCallback lockCallback = new LockCallback(); @@ -160,17 +188,18 @@ public class RecordsManagementJob implements Job // return return null; } - }, this.runAsAdmin ? AuthenticationUtil.getAdminUserName() : AuthenticationUtil.getSystemUserName()); + }, getRunAuditAs()); } - public boolean isRunAsAdmin() + public String getRunAuditAs() { - return runAsAdmin; + return runAuditAs; } - public void setRunAsAdmin(boolean runAsAdmin) + public void setRunAuditAs(String runAuditAs) { - this.runAsAdmin = runAsAdmin; + + this.runAuditAs = runAuditAs; } }