Uploaded image for project: 'Service Packs and Hot Fixes'
  1. Service Packs and Hot Fixes
  2. MNT-11024

CLONE - Auditing does not take into account audit.filter.alfresco-access.transaction.user

    Details

    • Type: Hot Fix Request
    • Status: Closed (View Workflow)
    • Resolution: Fixed
    • Affects Version/s: 4.1.6
    • Fix Version/s: 4.1.6.17
    • Component/s: Auditing
    • Labels:
      None
    • Environment:
      any with auditing activated

      Description

      How to reproduce?
      =================
      1) create a plain vanilla 4.1.6 (linux pg tomcat)
      2) in explorer as 'admin' create a new user 'user1'
      3) in explorer as 'admin' create a folder 'folder1' under company_home
      4) activate auditing but exclude 'user1

      audit.enabled=true
      audit.alfresco-access.enabled=true
      audit.filter.alfresco-access.transaction.user=~user1;.*
      

      5) restart alfresco
      6) configure pg to log all requests, i.e. in postgresql.conf:

      log_min_duration_statement = 0
      log_statement = 'all'	
      

      and watch the database logs looking for an insert:

      tail -f /var/log/postgresql/postgresql-9.0-main.log| grep -i --color insert
      

      7) log in as 'user1' in explorer
      8) confirm that if you list 'folder1' in explorer that does not generate any insert in the db
      9) now try to use one of the cmis API:
      e.g
      a)

      curl --user user1:mypass http://localhost:8080/alfresco/cmisatom > /dev/null
      

      b)

      curl --user user1:mypass http://localhost:8080/alfresco/service/cmis/p/folder1/folder1/children > /dev/null
      

      Result:
      =======

      The two calls do generates SQL insert activity:

      2014-02-28 10:20:02 CET LOG:  duration: 0.044 ms  parse <unnamed>: insert into alf_prop_root (id, version) 
      2014-02-28 10:20:02 CET LOG:  duration: 0.028 ms  bind <unnamed>: insert into alf_prop_root (id, version) 
      2014-02-28 10:20:02 CET LOG:  execute <unnamed>: insert into alf_prop_root (id, version) 
      2014-02-28 10:20:02 CET LOG:  duration: 0.053 ms  parse S_53: insert into alf_prop_link
      2014-02-28 10:20:02 CET LOG:  duration: 0.015 ms  bind S_53: insert into alf_prop_link
      2014-02-28 10:20:02 CET LOG:  execute S_53: insert into alf_prop_link
      2014-02-28 10:20:02 CET LOG:  duration: 0.013 ms  bind S_53: insert into alf_prop_link
      2014-02-28 10:20:02 CET LOG:  execute S_53: insert into alf_prop_link
      2014-02-28 10:20:02 CET LOG:  duration: 0.038 ms  parse <unnamed>: insert into alf_audit_entry (id, audit_app_id, audit_user_id, audit_time, audit_values_id) 
      2014-02-28 10:20:02 CET LOG:  duration: 0.030 ms  bind <unnamed>: insert into alf_audit_entry (id, audit_app_id, audit_user_id, audit_time, audit_values_id) 
      2014-02-28 10:20:02 CET LOG:  execute <unnamed>: insert into alf_audit_entry (id, audit_app_id, audit_user_id, audit_time, audit_values_id) 
      

      Expected result:
      ===============
      no activity is logged.

      Notes:
      =====
      This may be due to the use of HTTP Basic auth by the API, and thus identifed as a login and not an access.

      We should be able to generate no SQL insert as the customer needs to control using configuration the size of the audit table.

        Attachments

          Issue Links

            Structure

              Activity

                People

                • Assignee:
                  closedbugs Closed Bugs
                  Reporter:
                  sashcraft Scott Ashcraft
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  5 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved:

                    Time Tracking

                    Estimated:
                    Original Estimate - Not Specified
                    Not Specified
                    Remaining:
                    Remaining Estimate - 0 minutes
                    0m
                    Logged:
                    Time Spent - 2 hours
                    2h

                      Structure Helper Panel