Package org.alfresco.repo.audit

Class PropertyAuditFilter

java.lang.Object
org.alfresco.repo.audit.PropertyAuditFilter
All Implemented Interfaces:
AuditFilter
public class PropertyAuditFilter extends Object implements AuditFilter
Filter using property file values to accept or reject audit map values.

The last component in the rootPath is considered to be the event action. The keys in an audit map identify each audit value. Properties may be defined to accept or reject each value. If any value in an audit map is rejected, the whole map is rejected. So that one does not have to define too many properties, a 'default' event action property may be defined. This will be inherited by all actions unless a property is defined for a particular event action. For example: 

   audit.filter.alfresco-access.default.enabled=true
   audit.filter.alfresco-access.default.user=~System;.*
   audit.filter.alfresco-access.default.type=cm:folder;cm:content;st:site
   audit.filter.alfresco-access.default.path=/app:company_home/.*
   audit.filter.alfresco-access.transaction.user=
   audit.filter.alfresco-access.login.user=jblogs
   ...
Each property value defines a list of regular expressions that will be used to match the actual audit map values. In the above example, events created by any user except for the internal user 'System' will be recorded by default for all event actions. However the property for the 'transaction' event action overrides this to record even 'System' events.

For any filters to be applied to an event action, that action's filters must be enabled with an 'enabled' property set to "true". However this may also be done by using the 'default' event action, as shown above.

Note: Property names have a "audit.filter." prefix and use '.' as a separator where as components of rootPath and keys in the audit map use '/'. The following is an example rootPath and audit map which could be used with the corresponding property names shown above: 

     rootPath                       auditMap
     "/alfresco-access/transaction" "user" => "System"
                                    "path" => "/app:company_home/st:sites/cm:mysite/cm:documentLibrary/cm:folder1"
                                    "type" => "cm:folder"
                                    "node" => ...
Lists are evaluated from left to right allowing one flexibility to accept or reject different combinations of values. If no match is made by the end of the list the value is rejected. If there is not a property for a given value or an empty list is defined (as above for the user value on a transaction action) any value is accepted.

Each regular expression in the list is separated by a ';'. Expressions that include a ';' may be escaped using a '\'. An expression that starts with a '~' indicates that any matching value should be rejected. If the first character of an expression needs to be a '~' it too may be escaped with a '\'.

A property value may be a reference to another property, which saves having multiple copies. This is indicated by a '$' as the first character of the property value. If the first character of an expression needs to be a '$' it too may be escaped with a '\'. For example: 

   audit.filter.alfresco-access.default.type=cm:folder;cm:content
   audit.filter.alfresco-access.moveNode.from.type=$audit.filter.alfresco-access.default.type
Author:
Alan Davis

  • Constructor Details

    • PropertyAuditFilter

      public PropertyAuditFilter()

  • Method Details

    • setProperties

      public void setProperties(Properties properties)
      Set the properties object holding filter configuration
      Since:
      3.2

    • accept

      public boolean accept(String rootPath, Map<String,Serializable> auditMap)
      Description copied from interface: AuditFilter
      Returns true if the audit map values have not been discarded by audit filters.
      Specified by:
      accept in interface AuditFilter
      Parameters:
      rootPath - String
      auditMap - Map of values to audit, mapped by AuditPath key relative to root path.
      Returns:
      boolean