Understanding PathMappings - Alfresco Content Services - 23.4


To create an audit configuration file, it is necessary to know which data can be audited and how the data is mapped onto your application.

  1. Turn on debugging for the inbound data. For a better understanding, you can turn on debug logging for the mapping components as well, although this is more verbose.
     $ cat tomcat/shared/classes/alfresco/extension/audit-log4j2.properties
     logger.alfresco-repo-audit-AuditComponentImpl.name=org.alfresco.repo.audit.AuditComponentImpl
     logger.alfresco-repo-audit-AuditComponentImpl.level=debug
     logger.alfresco-repo-audit-inbound.name=org.alfresco.repo.audit.inbound
     logger.alfresco-repo-audit-inbound.level=debug
    					
  2. Tail the log file and examine the output.
  3. Log in as admin:
     16:47:37,434  DEBUG [repo.audit.inbound]
     Inbound audit values:
         /alfresco-api/pre/AuthenticationService/authenticate/args/userName=admin
     16:47:37,443 User:admin DEBUG [repo.audit.inbound]
     Inbound audit values:
         /alfresco-api/post/AuthenticationService/authenticate/no-error=null
         /alfresco-api/post/AuthenticationService/authenticate/args/userName=admin
    					
  4. From the inbound values, the audit data is extracted and recorded (visible if you have the AuditComponentImpl debugging on):
     16:47:37,445 User:System DEBUG [repo.audit.AuditComponentImpl] Extracted audit data:
        Application: AuditApplication[ name=AuditExampleLogin2, id=7, disabledPathsId=7]
        Raw values:  {/auditexamplelogin2/login=null}
        Extracted:   {}
     16:47:37,447 User:admin DEBUG [repo.audit.AuditComponentImpl] New audit entry:
        Application ID: 7
        Entry ID:       130
        Values:         {/auditexamplelogin2/login=null}
        Audit Data:     {/auditexamplelogin2/login/user=Administrator}
     16:47:37,447 User:System DEBUG [repo.audit.AuditComponentImpl] Extracted audit data:
        Application: AuditApplication[ name=AuditExampleLogin1, id=6, disabledPathsId=6]
        Raw values:  {/auditexamplelogin1/login/no-error=null, /auditexamplelogin1/login/args/userName=admin}
        Extracted:   {/auditexamplelogin1/login/no-error/user=admin}
     16:47:37,449 User:admin DEBUG [repo.audit.AuditComponentImpl] New audit entry:
        Application ID: 6
        Entry ID:       131
        Values:         {/auditexamplelogin1/login/no-error=null, /auditexamplelogin1/login/args/userName=admin}
        Audit Data:     {/auditexamplelogin1/login/no-error/user=admin}
    

    You can see that the AuthenticationService.authenticate method generates two sets of “inbound” data: the /alfresco-api/**pre**/AuthenticationService/authenticate data is passed through before the service call is processed; the /alfresco-api/**post**/AuthenticationService/authenticate data is passed through after the service call has been processed. When logging in successfully, the post-call data is generated with a no-error path.

  5. Perform a failed login with user joe.
     17:02:09,697  DEBUG [repo.audit.inbound]
     Inbound audit values:
         /alfresco-api/pre/AuthenticationService/authenticate/args/userName=joe
     17:02:09,704  DEBUG [repo.audit.inbound]
     Inbound audit values:
         /alfresco-api/post/AuthenticationService/authenticate/error=08200014 Failed to authenticate
        Started at:
           org.alfresco.repo.security.authentication.AbstractChainingAuthenticationService.authenticate(AbstractChainingAuthenticationService.java:188)
           ...
    

    This is translated and recorded:

     17:02:09,704 User:System DEBUG [repo.audit.AuditComponentImpl] Extracted audit data:
        Application: AuditApplication[ name=AuditExampleLogin1, id=6, disabledPathsId=6]
        Raw values:  {/auditexamplelogin1/login/error=08200014 Failed to authenticate
        Started at:
           org.alfresco.repo.security.authentication.AbstractChainingAuthenticationService.authenticate(AbstractChainingAuthenticationService.java:188)
           ...
     17:02:09,704  DEBUG [repo.audit.AuditComponentImpl] New audit entry:
        Application ID: 6
        Entry ID:       135
        Values:         {/auditexamplelogin1/login/error=08200016 Failed to authenticate
        Started at:
           org.alfresco.repo.security.authentication.AbstractChainingAuthenticationService.authenticate(AbstractChainingAuthenticationService.java:188)
           ...
        Audit Data:     {/auditexamplelogin1/login/error/user=joe}
    					
  6. Notice that the failed login did not generate any data for audit application AuditExampleLogin2. To understand this, look at the PathMappings section of the example:
     <PathMappings>
       <PathMap source="/alfresco-api/post/AuthenticationService/authenticate" target="/auditexamplelogin1/login"/>
       <PathMap source="/alfresco-api/post/AuthenticationService/authenticate/no-error" target="/auditexamplelogin2/login"/>
     </PathMappings>
    

    Before any data is considered for persistence, the inbound data paths are remapped using the PathMappings configuration. Only the .../no-error source path is mapped to /auditexamplelogin2/login, so failed logins were not recorded for the AuditExampleLogin2 audit application, while the AuditExampleLogin1 application recorded both successful and failed logins.
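
The remapping described above can be checked offline with a small model. The following Python is an added example, not Alfresco code: it applies the page's PathMappings to the inbound values from the debug output and shows which audit application receives data for a successful and a failed login. The names `load_path_maps` and `remap`, whole-segment prefix matching, and grouping by the first segment of the target path are assumptions of this model.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# PathMappings section copied from the page.
PATH_MAPPINGS = """
<PathMappings>
  <PathMap source="/alfresco-api/post/AuthenticationService/authenticate" target="/auditexamplelogin1/login"/>
  <PathMap source="/alfresco-api/post/AuthenticationService/authenticate/no-error" target="/auditexamplelogin2/login"/>
</PathMappings>
"""

AUTH = "/alfresco-api/{}/AuthenticationService/authenticate"
# Inbound values taken from the debug output on the page (stack trace omitted).
LOGIN_OK = {
    AUTH.format("pre") + "/args/userName": "admin",
    AUTH.format("post") + "/no-error": None,
    AUTH.format("post") + "/args/userName": "admin",
}
LOGIN_FAILED = {
    AUTH.format("pre") + "/args/userName": "joe",
    AUTH.format("post") + "/error": "08200014 Failed to authenticate",
}


def load_path_maps(xml_text):
    """Return (source, target) pairs from a <PathMappings> element."""
    root = ET.fromstring(xml_text)
    return [(m.get("source"), m.get("target")) for m in root.iter("PathMap")]


def remap(inbound, path_maps):
    """Rewrite inbound paths per PathMap; unmatched paths are dropped."""
    per_app = defaultdict(dict)
    for path, value in inbound.items():
        for source, target in path_maps:
            # Assumption of this model: match on whole path segments only.
            if path == source or path.startswith(source + "/"):
                mapped = target + path[len(source):]
                # Assumption: the first target segment names the application.
                per_app[mapped.split("/")[1]][mapped] = value
    return dict(per_app)


if __name__ == "__main__":
    maps = load_path_maps(PATH_MAPPINGS)
    for name, event in (("success", LOGIN_OK), ("failure", LOGIN_FAILED)):
        print(name, remap(event, maps))
```

Running the same check against a planned audit configuration shows, before deployment, whether an application keyed only on a no-error path would miss failed logins.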