Service Packs and Hot Fixes / MNT-10767

Guard in AuditMethodInterceptor is too restrictive preventing subordinate service calls from producing data.

    Details

    • Type: Service Pack Request
    • Status: Closed
    • Resolution: Fixed
    • Affects Version/s: 4.1, 4.2
    • Fix Version/s: 4.2.2
    • Component/s: Auditing
    • Labels:
      None

      Description

      Description:
      Let's assume that you have an action defined in JavaScript that is triggered by a rule. In the action, some calls to FileFolderService are made (I am using here the public proxied bean (upper case)). Under that scenario, FileFolderService calls are never audited and are not auditable.

      This can best be reproduced using actions that execute script code. 

      Steps to reproduce: 
      1) Activate an alfresco-api based audit configuration (i.e. put attached notification.xml into /shared/classes/alfresco/extension/audit/) 
      2) Create a script in the data dictionary that creates files / folders (see attached createStructure.js) 
      3) Setup a content rule on a directory that triggers the "Execute a script" action using the createStructure.js script 
      4) Trigger the content rule 
      5) Perform an audit query (via the Audit ReST API or the Share Extras Audit Dashlet) 

      Expectation: All file / folder creations are logged in the audit tables. 
      Observation: There is no result in the audit query as no events have been recorded. 

      Analysis: The AuditMethodInterceptor, which produces the data of "alfresco-api", has a guard against nested calls (presumably to prevent audit data extractors / generators from recursively triggering audit events). This guard is too generic, as it also prevents service calls on other, subordinate public services from producing data. In the case of script actions, the top-level service call to the public ScriptService prevents any calls to the FileFolderService (via ScriptNode) from generating audit data.

      Please find attached a proposed patch that corrects the guard so it no longer prevents capturing of audit data on subordinate public service calls.
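
The guard behaviour analysed in the description, as an added example that is not part of the original report, not Alfresco's AuditMethodInterceptor and not the attached patch. It is a simplified model with hypothetical class, field and method names and constructed service calls: one guard suppresses every nested public-service call, the other suppresses only calls made while audit data is being recorded.

```java
import java.util.ArrayList;
import java.util.List;
// Simplified model of a nested-call guard; all names are hypothetical, not Alfresco code.
public class AuditGuardDemo {
    static final List<String> auditLog = new ArrayList<>();
    // Broad guard: set for the whole duration of any outer public-service call.
    static final ThreadLocal<Boolean> inServiceCall = ThreadLocal.withInitial(() -> false);
    // Narrow guard: set only while audit data is being extracted and recorded.
    static final ThreadLocal<Boolean> inAuditRecording = ThreadLocal.withInitial(() -> false);
    static boolean narrow;

    static void intercept(String service, String method, Runnable call) {
        if (narrow) {
            call.run();
            if (!inAuditRecording.get()) record(service, method); // skip extractor calls only
            return;
        }
        if (inServiceCall.get()) { call.run(); return; } // any nested call goes unaudited
        inServiceCall.set(true);
        try {
            call.run();
            record(service, method);
        } finally {
            inServiceCall.set(false);
        }
    }

    static void record(String service, String method) {
        inAuditRecording.set(true);
        try {
            // Constructed extractor call to a public service; neither guard audits it.
            intercept("NodeService", "getPath", () -> { });
            auditLog.add(service + "." + method);
        } finally {
            inAuditRecording.set(false);
        }
    }

    // Models the script action: ScriptService runs a script that calls FileFolderService.
    static List<String> runScriptAction(boolean useNarrowGuard) {
        narrow = useNarrowGuard;
        auditLog.clear();
        intercept("ScriptService", "executeScript", () -> intercept("FileFolderService", "create", () -> { }));
        return new ArrayList<>(auditLog);
    }

    public static void main(String[] args) {
        System.out.println("broad guard:  " + runScriptAction(false));
        System.out.println("narrow guard: " + runScriptAction(true));
    }
}
```

In this model the broad guard leaves the nested FileFolderService call out of the audit log, while the narrow guard records it and still keeps the extractor's own service call from generating an entry.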

                People

                • Assignee: closedbugs (Closed Bugs)
                • Reporter: pdubois (Philippe Dubois [X], Inactive)
                • Votes: 0
                • Watchers: 5

                Time Tracking

                • Original Estimate: Not Specified
                • Remaining Estimate: 0 minutes
                • Time Spent: 2 days, 6 hours, 30 minutes