inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-10-08 14:51:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merged HEAD-BUG-FIX (5.1/Cloud) to HEAD (5.1/Cloud)

Browse Source 
107473: Merged 5.0.N (5.0.3) to HEAD-BUG-FIX (5.1/Cloud)
      107427: Merged V4.2-BUG-FIX (4.2.5) to 5.0.N (5.0.3)
         107196: Merged DEV to V4.2-BUG-FIX (4.2.5)
            107066: MNT-14136: Audit filter for alfresco-access/login does not work.
               - Added extracted audit data validation with a filter.
               - Added JUnit test.


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@107625 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Tatyana Valkevych
2015-07-02 15:30:20 +00:00
parent d12a913980
commit ce3322690e
2 changed files with 40 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
source/java/org/alfresco/repo/audit/AuditComponentImpl.java
View File

@@ -1,5 +1,5 @@
/*
* Copyright (C) 2005-2014 Alfresco Software Limited.
* Copyright (C) 2005-2015 Alfresco Software Limited.
*
* This file is part of Alfresco
*
@@ -806,19 +806,6 @@ public class AuditComponentImpl implements AuditComponent
Map<String, DataGenerator> generators = application.getDataGenerators(generatorKeys);
Map<String, Serializable> auditData = generateData(generators);
// MNT-8401
for (Map.Entry<String, Serializable> value : auditData.entrySet())
{
String root = value.getKey();
int index = root.lastIndexOf("/");
Map<String, Serializable> argc = new HashMap<String, Serializable>(1);
argc.put(root.substring(index, root.length()).substring(1), value.getValue());
if (!auditFilter.accept(root.substring(0, index), argc))
{
return Collections.emptyMap();
}
}
// Now extract values
Map<String, Serializable> extractedData = AuthenticationUtil.runAs(new RunAsWork<Map<String, Serializable>>()
{
@@ -831,6 +818,20 @@ public class AuditComponentImpl implements AuditComponent
// Combine extracted and generated values (extracted data takes precedence)
auditData.putAll(extractedData);
// Filter data
// See MNT-14136, MNT-8401
for (Map.Entry<String, Serializable> value : auditData.entrySet())
{
String root = value.getKey();
int index = root.lastIndexOf("/");
Map<String, Serializable> argc = new HashMap<String, Serializable>(1);
argc.put(root.substring(index, root.length()).substring(1), value.getValue());
if (!auditFilter.accept(root.substring(0, index), argc))
{
return Collections.emptyMap();
}
}
// Time and username are intrinsic
long time = System.currentTimeMillis();
String username = AuthenticationUtil.getFullyAuthenticatedUser();

39
source/test-java/org/alfresco/repo/audit/AuditComponentTest.java
View File

@@ -20,13 +20,7 @@ package org.alfresco.repo.audit;
import java.io.Serializable;
import java.net.URL;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.*;
import junit.framework.TestCase;
@@ -95,7 +89,7 @@ public class AuditComponentTest extends TestCase
private static ApplicationContext ctx = ApplicationContextHelper.getApplicationContext();
private AuditModelRegistryImpl auditModelRegistry;
private AuditComponent auditComponent;
private AuditComponentImpl auditComponent;
private AuditService auditService;
private ServiceRegistry serviceRegistry;
private TransactionService transactionService;
@@ -114,7 +108,7 @@ public class AuditComponentTest extends TestCase
UserAuditFilter userAuditFilter = new UserAuditFilter();
userAuditFilter.setUserFilterPattern("~System;~null;.*");
userAuditFilter.afterPropertiesSet();
auditComponent = (AuditComponent) ctx.getBean("auditComponent");
auditComponent = (AuditComponentImpl) ctx.getBean("auditComponent");
auditComponent.setUserAuditFilter(userAuditFilter);
serviceRegistry = (ServiceRegistry) ctx.getBean(ServiceRegistry.SERVICE_REGISTRY);
auditService = serviceRegistry.getAuditService();
@@ -815,6 +809,9 @@ public class AuditComponentTest extends TestCase
assertTrue("There should be exactly one audit entry for the API test", success);
}
/**
* Test for MNT-10070 and MNT-14136
*/
public void testApplication() throws Exception
{
// Register the test model
@@ -849,10 +846,24 @@ public class AuditComponentTest extends TestCase
// auditComponent
AuthenticationUtil.setAdminUserAsFullyAuthenticatedUser();
UserAuditFilter userAuditFilter = new UserAuditFilter();
userAuditFilter.setUserFilterPattern("~System;~null;.*");
userAuditFilter.afterPropertiesSet();
auditComponent.setUserAuditFilter(userAuditFilter);
PropertyAuditFilter filter = new PropertyAuditFilter();
Properties properties = new Properties();
properties.put("audit.enabled", "true");
properties.put("audit.app1.enabled", "true");
properties.put("audit.filter.app1.default.enabled", "true");
properties.put("audit.filter.app1.default.user", "~System;~null;.*");
properties.put("audit.app2.enabled", "true");
properties.put("audit.filter.app2.default.enabled", "true");
properties.put("audit.filter.app2.default.user", "~System;~null;~admin;.*");
properties.put("audit.app3.enabled", "true");
properties.put("audit.filter.app3.default.enabled", "true");
properties.put("audit.filter.app3.default.user", "~System;~null;.*");
filter.setProperties(properties);
auditComponent.setAuditFilter(filter);
Map<String, Serializable> auditMap = new HashMap<String, Serializable>();
auditMap.put("/transaction/user", AuthenticationUtil.getFullyAuthenticatedUser());
@@ -864,7 +875,7 @@ public class AuditComponentTest extends TestCase
assertFalse("Audit values is empty.", recordedAuditMap.isEmpty());
Map<String, Serializable> expected = new HashMap<String, Serializable>();
expected.put("/" + APPLICATION_TWO + "/transaction/user", AuthenticationUtil.getFullyAuthenticatedUser());
// There should not be app2
expected.put("/" + APPLICATION_ONE + "/transaction/action", "CREATE");
expected.put("/" + APPLICATION_THREE + "/transaction/type", "cm:content");