【发布时间】:2018-08-02 15:58:27
【问题描述】:
我的目标是审核 Alfresco 中权限的删除。启用审核日志记录(生成 很多 个日志条目)时,删除组会导致这些日志条目(缩写):
/alfresco-api/pre/AuthorityService/deleteAuthority/args/name=GROUP_test_group_for_audit
/alfresco-node/beforeDeleteNode/node=workspace://SpacesStore/a4f5e9bb-6584-4997-a550-6080d0dce177
/alfresco-api/post/AuthorityService/deleteAuthority/args/name=GROUP_test_group_for_audit
/alfresco-api/post/AuthorityService/deleteAuthority/no-error=null
如果我正确理解文档,像这样的审核 XML 文件应该记录第一个事件:
<?xml version='1.0' encoding='UTF-8'?>
<Audit
xmlns="http://www.alfresco.org/repo/audit/model/3.2"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.alfresco.org/repo/audit/model/3.2 alfresco-audit-3.2.xsd"
>
<DataExtractors>
<DataExtractor name="simpleValue" registeredName="auditModel.extractor.simpleValue"/>
</DataExtractors>
<DataGenerators>
<DataGenerator name="currentUser" class="org.alfresco.repo.audit.generator.AuthenticatedUserDataGenerator"/>
<DataGenerator name="personFullName" class="org.alfresco.repo.audit.generator.AuthenticatedPersonDataGenerator"/>
</DataGenerators>
<PathMappings>
<PathMap source="/alfresco-api/pre/AuthorityService/deleteAuthority" target="/deleteAuthority"/>
</PathMappings>
<Application name="DeleteAuthority" key="deleteAuthority">
<AuditPath key="deleteAuthority">
<RecordValue key="name" dataExtractor="simpleValue" dataSource="/deleteAuthority/args/name"/>
</AuditPath>
</Application>
</Audit>
请注意,在PathMap 的source 中,我使用路径/alfresco-api/pre/AuthorityService/deleteAuthority,因为它出现在第一个日志条目中。这对我来说是正确的,尽管我很不确定 Application 元素应该是什么样子。
将其放入 XML 文件 tomcat/shared/classes/alfresco/extension/audit/alfresco-audit-deleteAuthority-extractors.xml 注册应用程序正确性:
$ curl -u 'admin:secret' http://alfresco:8080/alfresco/service/api/audit/control
{
"enabled" : true,
"applications":
[
{
"name": "Alfresco Tagging Service",
"path" : "/tagging",
"enabled" : true
}
,
{
"name": "DeleteAuthority",
"path" : "/deleteAuthority",
"enabled" : true
}
,
{
"name": "alfresco-access",
"path" : "/alfresco-access",
"enabled" : true
}
]
}
但是当我现在删除一个组时,没有任何记录。对应用程序的查询返回空结果:
$ curl -u 'admin:secret' http://alfresco:8080/alfresco/service/api/audit/query/DeleteAuthority
{
"count":0,
"entries":
[
]
}
问题:我上面的审计应用配置是否正确?我将如何更改它以生成删除权限的审计条目?
【问题讨论】: