【问题标题】:Audit Alfresco Authority Deletion: no event is recorded审计 Alfresco 权限删除:未记录任何事件
【发布时间】:2018-08-02 15:58:27
【问题描述】:

我的目标是审核 Alfresco 中权限的删除。启用审核日志记录(生成 很多 个日志条目)时,删除组会导致这些日志条目(缩写):

/alfresco-api/pre/AuthorityService/deleteAuthority/args/name=GROUP_test_group_for_audit

/alfresco-node/beforeDeleteNode/node=workspace://SpacesStore/a4f5e9bb-6584-4997-a550-6080d0dce177

/alfresco-api/post/AuthorityService/deleteAuthority/args/name=GROUP_test_group_for_audit
/alfresco-api/post/AuthorityService/deleteAuthority/no-error=null

如果我正确理解文档,像这样的审核 XML 文件应该记录第一个事件:

<?xml version='1.0' encoding='UTF-8'?>

<Audit
    xmlns="http://www.alfresco.org/repo/audit/model/3.2"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.alfresco.org/repo/audit/model/3.2 alfresco-audit-3.2.xsd"
    >

    <DataExtractors>
       <DataExtractor name="simpleValue" registeredName="auditModel.extractor.simpleValue"/>
    </DataExtractors>

        <DataGenerators>
           <DataGenerator name="currentUser" class="org.alfresco.repo.audit.generator.AuthenticatedUserDataGenerator"/>
           <DataGenerator name="personFullName" class="org.alfresco.repo.audit.generator.AuthenticatedPersonDataGenerator"/>
        </DataGenerators>

    <PathMappings>
        <PathMap source="/alfresco-api/pre/AuthorityService/deleteAuthority" target="/deleteAuthority"/>
    </PathMappings>

    <Application name="DeleteAuthority" key="deleteAuthority">
        <AuditPath key="deleteAuthority">
            <RecordValue key="name" dataExtractor="simpleValue" dataSource="/deleteAuthority/args/name"/>
        </AuditPath>
    </Application>

</Audit>

请注意,在PathMapsource 中,我使用路径/alfresco-api/pre/AuthorityService/deleteAuthority,因为它出现在第一个日志条目中。这对我来说是正确的,尽管我很不确定 Application 元素应该是什么样子。

将其放入 XML 文件 tomcat/shared/classes/alfresco/extension/audit/alfresco-audit-deleteAuthority-extractors.xml 注册应用程序正确性:

$ curl -u 'admin:secret' http://alfresco:8080/alfresco/service/api/audit/control
{
   "enabled" : true,
   "applications": 
   [
      {
         "name": "Alfresco Tagging Service",
         "path" : "/tagging",
         "enabled" : true
      }
         ,
      {
         "name": "DeleteAuthority",
         "path" : "/deleteAuthority",
         "enabled" : true
      }
         ,
      {
         "name": "alfresco-access",
         "path" : "/alfresco-access",
         "enabled" : true
      }

   ]
}

但是当我现在删除一个组时,没有任何记录。对应用程序的查询返回空结果:

$ curl -u 'admin:secret' http://alfresco:8080/alfresco/service/api/audit/query/DeleteAuthority
{
   "count":0,
   "entries": 
   [
   ]
}

问题:我上面的审计应用配置是否正确?我将如何更改它以生成删除权限的审计条目?

【问题讨论】:

    标签: alfresco audit


    【解决方案1】:

    您的路径映射部分是正确的,但您的应用程序定义未正确设置以跟踪正确的路径。 您可能应该尝试以下方法:

    <?xml version='1.0' encoding='UTF-8'?>
    
    <Audit
        xmlns="http://www.alfresco.org/repo/audit/model/3.2"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://www.alfresco.org/repo/audit/model/3.2 alfresco-audit-3.2.xsd"
        >
    
        <DataExtractors>
           <DataExtractor name="simpleValue" registeredName="auditModel.extractor.simpleValue"/>
        </DataExtractors>
    
            <DataGenerators>
               <DataGenerator name="currentUser" registeredName="auditModel.generator.user"/>
            </DataGenerators>
    
        <PathMappings>
            <PathMap source="/alfresco-api/pre/AuthorityService/deleteAuthority" target="/deleteAuthority"/>
        </PathMappings>
    
        <Application name="DeleteAuthority" key="deleteAuthority">
            <AuditPath key="deleteAuthority">
                <RecordValue key="authority" dataExtractor="simpleValue" dataSource="/deleteAuthority/args/name" dataTrigger="/deleteAuthority/args/name"/>
                <GenerateValue key="deletingUser" dataGenerator="currentUser"/>
            </AuditPath>
        </Application>
    
    </Audit>
    

    【讨论】:

      猜你喜欢
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 2014-10-29
      • 2013-07-24
      • 2011-06-06
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      相关资源
      最近更新 更多