Presentation is loading. Please wait.

Presentation is loading. Please wait.

Audit API : Hints and Tricks Mehdi BELMEKKI, Consultancy Team Alfresco.

Published byDaniela Harrison Modified over 8 years ago

Similar presentations

Presentation on theme: "Audit API : Hints and Tricks Mehdi BELMEKKI, Consultancy Team Alfresco."— Presentation transcript:

1 Audit API : Hints and Tricks Mehdi BELMEKKI, Consultancy Team Alfresco

2 Agenda Introduction Talk objectives Audit Trail Mechanism : before 3.2 Auditing Alfresco 4 Data Producers Data Extractors and Generators Audit Filters Audit Applications Demos Developments tricks Questions

3 Introduction Mehdi Belmekki Technical consultant, Professional Service Team 5 years experience : Born and grow-up in Community : Graduated Community Contributor High-school Partners : Graduated RD University of Alfresco: Undergraduate Consultant ACA/ACE Based in Paris, France Area of expertise : Alfresco Share / Surf Framework / Authentication Subsystems / Audit Implementation Mehdi.belmekki@alfresco.com

4 Talk objectives Overview of Audit Mechanism and components Explain how the data is recorded and extracted/generated Create custom extractors and generators Be able to create a custom audit application Filter recorded data based on custom criteria Share some developments tricks

5 Audit Trail Mechanism

6 Audit Trail Mechanism : Configuration Global auditConfig.xml file, customizable by overriding the bean Disable audit for some service’s methods Enable auditing for all service’s methods Disable audit for the whole service

7 Audit Trail Mechanism

8 Audit Trail Mechanism : Limitations Records everything / Records nothing Unable to filter logged data (system user and operations) Customizable only by overriding beans No “clean” way to cleanup the audit recorded values Directly query the DB: To get the login history for a given user:

9 Audit Trail Mechanism : Conclusion Not easy to use or query Custom Audit Application  Hibernate Coding Upgrade ? PITA Count recorded entries? Top read docs ? Top updated docs ?  Get all recorded data and then count  FTP / CIFS : not audited

10 Audit Trail Mechanism : TODO List The path to the key node ref Presence of Service/Method/Key Type/Key Path/Key NodeRef/Key Property filters Method arguments/return object Exception Summary (message, path, full stack serialised) Key Node properties before/after method invocation

11 Auditing Alfresco 4.X

12 Auditing in Alfresco 4: What’s new?

13 Auditing in Alfresco 4: Components Audit Interceptor Intercepts calls on an interface on its way to the target Access Auditor Intercept content-related events using behaviours Audit Component Record, Delete, Query, Enable/Disable audit, Extract Data, Generate Data Audit DAO Low level (DB) Select, Insert, Delete Audit Model Registry Store Audit Model Definition Detect duplicate application definitions Implemented as subsystem Expose global enablement property Expose application enablement property

14 Data Producers

15 Data producers AuditComponent Alfresco- api Alfresco- access Alfresco- node

16 Data producers : alfresco-api Audit and record values before and after the method invocation for all services/methods using AuditMethodInterceptor Low level summary Audit workflow instantiations User creations, deletion, updates Search params Etc…

17 Data Producers : Content Auditing (alfresco-access) High level auditing using AccessAuditor Login success, failures, logout Actions against nodes, properties, aspects, content, check in, versions Node create, move, copy, delete Property update Aspect add, remove Content read, update Check in, out and cancel Version create Transaction summary Independent of user interaction (use repository policies)

18 Data Producers : Content Auditing (alfresco-access)

19 Data producers : alfresco-node Used only to track/audit beforeDeleteNode policy

20 Data Extractors and Generators

21 Auditing Alfresco 4 : Data Extractors Java Interface Implements isSupported and extractData Extract data from auditable values, arguments, results, exceptions Out Of The Box provided Extractors : Node Name Node Type Null value Transparent E.g : sitename, node path, custom properties … NodeRef SiteService (bean) siteName

22 Auditing Alfresco 4 : Data Generators Java Interface Implements getData Extract data from NOTHING System state Thread Context Out Of The Box provided Extractors : Authenticated Person Authenticated User System Time Transaction ID Nothing getData AuthenticationService returns Username

23 Auditing Filters

24 Auditing Filters : GO || NO GO Storage Event 1 Audit Filter Audit Events Event 1Event 2

25 Auditing Filters : Used to reject auditing data we’ll never need/use Can specify both allowed/denied values to be audited Configured in Alfresco Global Properties audit.filter.alfresco-access.default.enabled=true audit.filter.alfresco-access.default.user=~System;.* audit.filter.alfresco-access.default.type=cm:folder;cm:content audit.filter.alfresco-access.default.path=/app:company_home/.* audit.filter.alfresco-access.transaction.user= audit.filter.alfresco-access.login.user=jblogs Can be configured for custom audit applications

26 Audit Applications

27 Recorded Values Audit Applications Raw Data NodeRef Node Poperties Action Path Mappings LogginApplication Data Generator UserName Simple Extractor Action Path Mappings SiteApplication Data Extractor SiteName Simple Extractor Action

28 Audit Applications : A “group-by” for audit data/events Answer the need to store/modify inbound data independently Application 1 stores siteName (extracted from NodeRef) Application 2 stores raw NodeRef Each application define how data is mapped, extracted, recorded without affecting data required by other applications Each of the audit logs can be enabled and disabled independently within the same server. Each audit application is defined in its own configuration file

29 Audit Applications : Login Audit Application

30 Audit Applications :

31 Demos : Share Audit Page in 10 minutes

32 Developments tricks

33 Developments tricks : Implement Top QueryCallBack AuditQueryCallbackImpl Override handleAuditEntry(entryId, app_name, user, time,values) E.g in webscript: entry.put(JSON_KEY_ENTRY_ID, entryId);… AuditQueryCallbackTopImpl E.g : if (countEntries.containsKey(node)) { countEntries.put(node, countEntries.get(node) + 1);} else {countEntries.put(node, 1); getAuditService().auditQuery(auditQueryCallback, parameters, 0); return auditQueryCallBack.getTopEntries();

34 Developments tricks : Migration from old mechanism to new one Use auditComponent.recordAuditValues method Migrated entries will have different transaction dates (rather than old original ones) The original dates can be stored/preserved in another AuditProperty

35 Questions ?

Download ppt "Audit API : Hints and Tricks Mehdi BELMEKKI, Consultancy Team Alfresco."

Similar presentations

Tridion 5.3 Templates.

Tridion 5.3 Templates.
Raptor Technical Details. Outline Workshop structured by Raptor workflow – Raptor Event model. – ICA log file parsing – ICA/MUA event storage – ICA event.

Raptor Technical Details. Outline Workshop structured by Raptor workflow – Raptor Event model. – ICA log file parsing – ICA/MUA event storage – ICA event.
Unveiling ProjectWise V8 XM Edition. ProjectWise V8 XM Edition An integrated system of collaboration servers that enable your AEC project teams, your.

Unveiling ProjectWise V8 XM Edition. ProjectWise V8 XM Edition An integrated system of collaboration servers that enable your AEC project teams, your.
Field Audit Trail Lawson Learning education@lawson.com.

Field Audit Trail Lawson Learning
Advantage Data Dictionary. agenda Creating and Managing Data Dictionaries –Tables, Indexes, Fields, and Triggers –Defining Referential Integrity –Defining.

Advantage Data Dictionary. agenda Creating and Managing Data Dictionaries –Tables, Indexes, Fields, and Triggers –Defining Referential Integrity –Defining.
User Management DigiTool Version 3.0. User Management 2 User Architecture PatronsStaff Users DepositorsApprovers Meditor User Management Management Module.

User Management DigiTool Version 3.0. User Management 2 User Architecture PatronsStaff Users DepositorsApprovers Meditor User Management Management Module.
Monitoring Security With Standard SAP Tools Session Code 805 Sandi McKinney.

Monitoring Security With Standard SAP Tools Session Code 805 Sandi McKinney.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.
© 2004, The Trustees of Indiana University 1 OneStart Workflow Basics Brian McGough, Manager, Systems Integration, UITS Ryan Kirkendall, Lead Developer.

© 2004, The Trustees of Indiana University 1 OneStart Workflow Basics Brian McGough, Manager, Systems Integration, UITS Ryan Kirkendall, Lead Developer.
Definitions Collaboration – working together on team projects and sharing information, often through ad-hoc processes, to accomplish project goals. Document.

Definitions Collaboration – working together on team projects and sharing information, often through ad-hoc processes, to accomplish project goals. Document.
5 Copyright © 2009, Oracle. All rights reserved. Defining ETL Mappings for Staging Data.

5 Copyright © 2009, Oracle. All rights reserved. Defining ETL Mappings for Staging Data.
State of Connecticut Core-CT Project Query 4 hrs Updated 1/21/2011.

State of Connecticut Core-CT Project Query 4 hrs Updated 1/21/2011.
Sage CRM Developers Course

Sage CRM Developers Course
High-Speed, High Volume Document Storage, Retrieval, and Manipulation with Documentum and Snowbound March 8, 2007.

High-Speed, High Volume Document Storage, Retrieval, and Manipulation with Documentum and Snowbound March 8, 2007.
CIFS in Alfresco 4.0 Mark Rogers Senior Software Engineer, Alfresco.

CIFS in Alfresco 4.0 Mark Rogers Senior Software Engineer, Alfresco.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.
FireRMS SQL Audit, Archiving & Purging Presented by Laura Small FireRMS Quality Assurance.

FireRMS SQL Audit, Archiving & Purging Presented by Laura Small FireRMS Quality Assurance.
BEST PRACTICES - Java By www.PPTSWorld.com. Configuration Use global-forwards/results Helps to avoid duplicate jsp files and redundancy forward mapping.

BEST PRACTICES - Java By Configuration Use global-forwards/results Helps to avoid duplicate jsp files and redundancy forward mapping.
Developing Workflows with SharePoint Designer David Coe Application Development Consultant Microsoft Corporation.

Developing Workflows with SharePoint Designer David Coe Application Development Consultant Microsoft Corporation.
Eric Westfall – Indiana University Jeremy Hanson – Iowa State University Building Applications with the KNS.

Eric Westfall – Indiana University Jeremy Hanson – Iowa State University Building Applications with the KNS.

Similar presentations

Ads by Google