Audit API : Hints and Tricks Mehdi BELMEKKI, Consultancy Team Alfresco.

Slides:



Advertisements
Similar presentations
Tridion 5.3 Templates.
Advertisements

Raptor Technical Details. Outline Workshop structured by Raptor workflow – Raptor Event model. – ICA log file parsing – ICA/MUA event storage – ICA event.
Unveiling ProjectWise V8 XM Edition. ProjectWise V8 XM Edition An integrated system of collaboration servers that enable your AEC project teams, your.
Field Audit Trail Lawson Learning
Advantage Data Dictionary. agenda Creating and Managing Data Dictionaries –Tables, Indexes, Fields, and Triggers –Defining Referential Integrity –Defining.
User Management DigiTool Version 3.0. User Management 2 User Architecture PatronsStaff Users DepositorsApprovers Meditor User Management Management Module.
Monitoring Security With Standard SAP Tools Session Code 805 Sandi McKinney.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.
© 2004, The Trustees of Indiana University 1 OneStart Workflow Basics Brian McGough, Manager, Systems Integration, UITS Ryan Kirkendall, Lead Developer.
Definitions Collaboration – working together on team projects and sharing information, often through ad-hoc processes, to accomplish project goals. Document.
5 Copyright © 2009, Oracle. All rights reserved. Defining ETL Mappings for Staging Data.
State of Connecticut Core-CT Project Query 4 hrs Updated 1/21/2011.
Sage CRM Developers Course
High-Speed, High Volume Document Storage, Retrieval, and Manipulation with Documentum and Snowbound March 8, 2007.
CIFS in Alfresco 4.0 Mark Rogers Senior Software Engineer, Alfresco.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.
FireRMS SQL Audit, Archiving & Purging Presented by Laura Small FireRMS Quality Assurance.
BEST PRACTICES - Java By Configuration Use global-forwards/results Helps to avoid duplicate jsp files and redundancy forward mapping.
Developing Workflows with SharePoint Designer David Coe Application Development Consultant Microsoft Corporation.
Eric Westfall – Indiana University Jeremy Hanson – Iowa State University Building Applications with the KNS.
WaveMaker Visual AJAX Studio 4.0 Training Authentication.
OASIS ebXML Registry Standard Open Forum 2003 on Metadata Registries 10:30 – 11:15 January 20, 2003 Kathryn Breininger The Boeing Company Chair, OASIS.
Data File Access API : Under the Hood Simon Horwith CTO Etrilogy Ltd.
Intel SFT CR Sept 2011 Release 9/28/ Minimize Command Line Params intelsftconfig.ini can now be used instead of the command line or used in conjunction.
Presentation. Recap A multi layer architecture powered by Spring Framework, ExtJS, Spring Security and Hibernate. Taken advantage of Spring’s multi layer.
Triggers A Quick Reference and Summary BIT 275. Triggers SQL code permits you to access only one table for an INSERT, UPDATE, or DELETE statement. The.
1 Schema Registries Steven Hughes, Lou Reich, Dan Crichton NASA 21 October 2015.
Introduction to RtReports – Tony Fenn & Chris Nelson Introduction to RtReports Chris Nelson - Senior Developer Tony Fenn - Product Manager.
FlexElink Winter presentation 26 February 2002 Flexible linking (and formatting) management software Hector Sanchez Universitat Jaume I Ing. Informatica.
Andrew S. Budarevsky Adaptive Application Data Management Overview.
MD – Object Model Domain eSales Checker Presentation Régis Elling 26 th October 2005.
Implementing the XDS Infrastructure Bill Majurski IT Infrastructure National Institute of Standards and Technology.
.  A multi layer architecture powered by Spring Framework, ExtJS, Spring Security and Hibernate.  Taken advantage of Spring’s multi layer injection.
MCSE Guide to Microsoft Exchange Server 2003 Administration Chapter Five Managing Addresses.
Copyright © 2006 Pilothouse Consulting Inc. All rights reserved. Search Overview Search Features: WSS and Office Search Architecture Content Sources and.
WLCG-RUS An Extensible Solution to Grid Accounting & Usage Monitoring EGEE 3 rd User Forum X. Chen, A. Khan Brunel University.
9 Copyright © 2009, Oracle. All rights reserved. Deploying and Reporting on ETL Jobs.
12 Copyright © 2009, Oracle. All rights reserved. Managing Backups, Development Changes, and Security.
 Shopping Basket  Stages to maintain shopping basket in framework  Viewing Shopping Basket.
A Technical Overview Bill Branan DuraCloud Technical Lead.
Hyperion Artifact Life Cycle Management Agenda  Overview  Demo  Tips & Tricks  Takeaways  Queries.
3 Copyright © 2007, Oracle. All rights reserved. Using the RMAN Recovery Catalog.
Module 6: Administering Reporting Services. Overview Server Administration Performance and Reliability Monitoring Database Administration Security Administration.
1 ECHO ECHO 9.0 for Data Partners Rob Baker January 23, 2007.
Building Preservation Environments with Data Grid Technology Reagan W. Moore Presenter: Praveen Namburi.
Audit & Reporting with Alfresco & NoSQL architecture Lucas Patingre Alfresco consultant and technical lead at Zaizi.
Migrating from Legacy ECM Repositories to Alfresco Ray Wijangco Technology Services Group Alfresco Practice Lead.
 Project Team: Suzana Vaserman David Fleish Moran Zafir Tzvika Stein  Academic adviser: Dr. Mayer Goldberg  Technical adviser: Mr. Guy Wiener.
De Rigueur - Adding Process to Your Business Analytics Environment Diane Hatcher, SAS Institute Inc, Cary, NC Falko Schulz, SAS Institute Australia., Brisbane,
The Alfresco iOS SDK Gi Lee (Zia Consulting) Peter Schmidt (Alfresco)
Unlocking the Secrets of Alfresco Authentication Mehdi BELMEKKI, Consultancy Team Alfresco.
Configuring the User and Computer Environment Using Group Policy Lesson 8.
#SummitNow Metadata Madness Ray Gauss II Digital Asset Management Architect.
Ask the Experts – Building Login-Based Sites in AEM
RFPMonkey.com Agenda Overview Logging in Personal Settings
Actions and Behaviours
Using E-Business Suite Attachments
Getting Started with Alfresco Development
CS520 Web Programming Spring – Inversion of Control
Cisco Data Virtualization
Entity Framework By: Casey Griffin.
Microsoft Dynamics.
EPIC INFOTECH CONSULTING GROUP
Saravana Kumar CEO/Founder - Kovai Atomic Scope – Product Update.
Metadata The metadata contains
HCI Project.
Developing and testing enterprise Java applications
AEM Operations Dec 2017.
SDMX IT Tools SDMX Registry
Presentation transcript:

Audit API : Hints and Tricks Mehdi BELMEKKI, Consultancy Team Alfresco

Agenda Introduction Talk objectives Audit Trail Mechanism : before 3.2 Auditing Alfresco 4 Data Producers Data Extractors and Generators Audit Filters Audit Applications Demos Developments tricks Questions

Introduction Mehdi Belmekki Technical consultant, Professional Service Team 5 years experience : Born and grow-up in Community : Graduated Community Contributor High-school Partners : Graduated RD University of Alfresco: Undergraduate Consultant ACA/ACE Based in Paris, France Area of expertise : Alfresco Share / Surf Framework / Authentication Subsystems / Audit Implementation

Talk objectives Overview of Audit Mechanism and components Explain how the data is recorded and extracted/generated Create custom extractors and generators Be able to create a custom audit application Filter recorded data based on custom criteria Share some developments tricks

Audit Trail Mechanism

Audit Trail Mechanism : Configuration Global auditConfig.xml file, customizable by overriding the bean Disable audit for some service’s methods Enable auditing for all service’s methods Disable audit for the whole service

Audit Trail Mechanism

Audit Trail Mechanism : Limitations Records everything / Records nothing Unable to filter logged data (system user and operations) Customizable only by overriding beans No “clean” way to cleanup the audit recorded values Directly query the DB: To get the login history for a given user:

Audit Trail Mechanism : Conclusion Not easy to use or query Custom Audit Application  Hibernate Coding Upgrade ? PITA Count recorded entries? Top read docs ? Top updated docs ?  Get all recorded data and then count  FTP / CIFS : not audited

Audit Trail Mechanism : TODO List The path to the key node ref Presence of Service/Method/Key Type/Key Path/Key NodeRef/Key Property filters Method arguments/return object Exception Summary (message, path, full stack serialised) Key Node properties before/after method invocation

Auditing Alfresco 4.X

Auditing in Alfresco 4: What’s new?

Auditing in Alfresco 4: Components Audit Interceptor Intercepts calls on an interface on its way to the target Access Auditor Intercept content-related events using behaviours Audit Component Record, Delete, Query, Enable/Disable audit, Extract Data, Generate Data Audit DAO Low level (DB) Select, Insert, Delete Audit Model Registry Store Audit Model Definition Detect duplicate application definitions Implemented as subsystem Expose global enablement property Expose application enablement property

Data Producers

Data producers AuditComponent Alfresco- api Alfresco- access Alfresco- node

Data producers : alfresco-api Audit and record values before and after the method invocation for all services/methods using AuditMethodInterceptor Low level summary Audit workflow instantiations User creations, deletion, updates Search params Etc…

Data Producers : Content Auditing (alfresco-access) High level auditing using AccessAuditor Login success, failures, logout Actions against nodes, properties, aspects, content, check in, versions Node create, move, copy, delete Property update Aspect add, remove Content read, update Check in, out and cancel Version create Transaction summary Independent of user interaction (use repository policies)

Data Producers : Content Auditing (alfresco-access)

Data producers : alfresco-node Used only to track/audit beforeDeleteNode policy

Data Extractors and Generators

Auditing Alfresco 4 : Data Extractors Java Interface Implements isSupported and extractData Extract data from auditable values, arguments, results, exceptions Out Of The Box provided Extractors : Node Name Node Type Null value Transparent E.g : sitename, node path, custom properties … NodeRef SiteService (bean) siteName

Auditing Alfresco 4 : Data Generators Java Interface Implements getData Extract data from NOTHING System state Thread Context Out Of The Box provided Extractors : Authenticated Person Authenticated User System Time Transaction ID Nothing getData AuthenticationService returns Username

Auditing Filters

Auditing Filters : GO || NO GO Storage Event 1 Audit Filter Audit Events Event 1Event 2

Auditing Filters : Used to reject auditing data we’ll never need/use Can specify both allowed/denied values to be audited Configured in Alfresco Global Properties audit.filter.alfresco-access.default.enabled=true audit.filter.alfresco-access.default.user=~System;.* audit.filter.alfresco-access.default.type=cm:folder;cm:content audit.filter.alfresco-access.default.path=/app:company_home/.* audit.filter.alfresco-access.transaction.user= audit.filter.alfresco-access.login.user=jblogs Can be configured for custom audit applications

Audit Applications

Recorded Values Audit Applications Raw Data NodeRef Node Poperties Action Path Mappings LogginApplication Data Generator UserName Simple Extractor Action Path Mappings SiteApplication Data Extractor SiteName Simple Extractor Action

Audit Applications : A “group-by” for audit data/events Answer the need to store/modify inbound data independently Application 1 stores siteName (extracted from NodeRef) Application 2 stores raw NodeRef Each application define how data is mapped, extracted, recorded without affecting data required by other applications Each of the audit logs can be enabled and disabled independently within the same server. Each audit application is defined in its own configuration file

Audit Applications : Login Audit Application

Audit Applications :

Demos : Share Audit Page in 10 minutes

Developments tricks

Developments tricks : Implement Top QueryCallBack AuditQueryCallbackImpl Override handleAuditEntry(entryId, app_name, user, time,values) E.g in webscript: entry.put(JSON_KEY_ENTRY_ID, entryId);… AuditQueryCallbackTopImpl E.g : if (countEntries.containsKey(node)) { countEntries.put(node, countEntries.get(node) + 1);} else {countEntries.put(node, 1); getAuditService().auditQuery(auditQueryCallback, parameters, 0); return auditQueryCallBack.getTopEntries();

Developments tricks : Migration from old mechanism to new one Use auditComponent.recordAuditValues method Migrated entries will have different transaction dates (rather than old original ones) The original dates can be stored/preserved in another AuditProperty

Questions ?