Merged HEAD-BUG-FIX (5.1/Cloud) to HEAD (5.1/Cloud)

107473: Merged 5.0.N (5.0.3) to HEAD-BUG-FIX (5.1/Cloud)
      107427: Merged V4.2-BUG-FIX (4.2.5) to 5.0.N (5.0.3)
         107196: Merged DEV to V4.2-BUG-FIX (4.2.5)
            107066: MNT-14136: Audit filter for alfresco-access/login does not work.
               - Added extracted audit data validation with a filter.
               - Added JUnit test.


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@107625 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261

source/java/org/alfresco/repo/audit/AuditComponentImpl.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2005-2014 Alfresco Software Limited.
+ * Copyright (C) 2005-2015 Alfresco Software Limited.
  *
  * This file is part of Alfresco
  *
@@ -806,7 +806,20 @@ public class AuditComponentImpl implements AuditComponent
         Map<String, DataGenerator> generators = application.getDataGenerators(generatorKeys);
         Map<String, Serializable> auditData = generateData(generators);
 
-        // MNT-8401
+        // Now extract values
+        Map<String, Serializable> extractedData = AuthenticationUtil.runAs(new RunAsWork<Map<String, Serializable>>()
+        {
+            public Map<String, Serializable> doWork() throws Exception
+            {
+                return extractData(application, values);
+            }
+        }, AuthenticationUtil.getSystemUserName());
+
+        // Combine extracted and generated values (extracted data takes precedence)
+        auditData.putAll(extractedData);
+
+        // Filter data
+        // See MNT-14136, MNT-8401
         for (Map.Entry<String, Serializable> value : auditData.entrySet())
         {
             String root = value.getKey();
@@ -819,18 +832,6 @@ public class AuditComponentImpl implements AuditComponent
             }
         }
 
-        // Now extract values
-        Map<String, Serializable> extractedData = AuthenticationUtil.runAs(new RunAsWork<Map<String, Serializable>>()
-        {
-            public Map<String, Serializable> doWork() throws Exception
-            {
-                return extractData(application, values);
-            }
-        }, AuthenticationUtil.getSystemUserName());
-        
-        // Combine extracted and generated values (extracted data takes precedence)
-        auditData.putAll(extractedData);
-
         // Time and username are intrinsic
         long time = System.currentTimeMillis();
         String username = AuthenticationUtil.getFullyAuthenticatedUser();

source/test-java/org/alfresco/repo/audit/AuditComponentTest.java

@@ -20,13 +20,7 @@ package org.alfresco.repo.audit;
 
 import java.io.Serializable;
 import java.net.URL;
-import java.util.ArrayList;
+import java.util.*;
-import java.util.Collections;
-import java.util.Date;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Locale;
-import java.util.Map;
 
 import junit.framework.TestCase;
 
@@ -95,7 +89,7 @@ public class AuditComponentTest extends TestCase
     private static ApplicationContext ctx = ApplicationContextHelper.getApplicationContext();
     
     private AuditModelRegistryImpl auditModelRegistry;
-    private AuditComponent auditComponent;
+    private AuditComponentImpl auditComponent;
     private AuditService auditService;
     private ServiceRegistry serviceRegistry;
     private TransactionService transactionService;
@@ -114,7 +108,7 @@ public class AuditComponentTest extends TestCase
         UserAuditFilter userAuditFilter = new UserAuditFilter();
         userAuditFilter.setUserFilterPattern("~System;~null;.*");
         userAuditFilter.afterPropertiesSet();
-        auditComponent = (AuditComponent) ctx.getBean("auditComponent");
+        auditComponent = (AuditComponentImpl) ctx.getBean("auditComponent");
         auditComponent.setUserAuditFilter(userAuditFilter);
         serviceRegistry = (ServiceRegistry) ctx.getBean(ServiceRegistry.SERVICE_REGISTRY);
         auditService = serviceRegistry.getAuditService();
@@ -815,6 +809,9 @@ public class AuditComponentTest extends TestCase
         assertTrue("There should be exactly one audit entry for the API test", success);
     }
 
+    /**
+     * Test for MNT-10070 and MNT-14136
+     */
     public void testApplication() throws Exception
     {
         // Register the test model
@@ -849,10 +846,24 @@ public class AuditComponentTest extends TestCase
         // auditComponent
         AuthenticationUtil.setAdminUserAsFullyAuthenticatedUser();
 
-        UserAuditFilter userAuditFilter = new UserAuditFilter();
+        PropertyAuditFilter filter = new PropertyAuditFilter();
-        userAuditFilter.setUserFilterPattern("~System;~null;.*");
+        Properties properties = new Properties();
-        userAuditFilter.afterPropertiesSet();
+        properties.put("audit.enabled", "true");
-        auditComponent.setUserAuditFilter(userAuditFilter);
+
+        properties.put("audit.app1.enabled", "true");
+        properties.put("audit.filter.app1.default.enabled", "true");
+        properties.put("audit.filter.app1.default.user", "~System;~null;.*");
+
+        properties.put("audit.app2.enabled", "true");
+        properties.put("audit.filter.app2.default.enabled", "true");
+        properties.put("audit.filter.app2.default.user", "~System;~null;~admin;.*");
+
+        properties.put("audit.app3.enabled", "true");
+        properties.put("audit.filter.app3.default.enabled", "true");
+        properties.put("audit.filter.app3.default.user", "~System;~null;.*");
+
+        filter.setProperties(properties);
+        auditComponent.setAuditFilter(filter);
 
         Map<String, Serializable> auditMap = new HashMap<String, Serializable>();
         auditMap.put("/transaction/user", AuthenticationUtil.getFullyAuthenticatedUser());
@@ -864,7 +875,7 @@ public class AuditComponentTest extends TestCase
         assertFalse("Audit values is empty.", recordedAuditMap.isEmpty());
 
         Map<String, Serializable> expected = new HashMap<String, Serializable>();
-        expected.put("/" + APPLICATION_TWO + "/transaction/user", AuthenticationUtil.getFullyAuthenticatedUser());
+        // There should not be app2
         expected.put("/" + APPLICATION_ONE + "/transaction/action", "CREATE");
         expected.put("/" + APPLICATION_THREE + "/transaction/type", "cm:content");