use of org.alfresco.error.AlfrescoRuntimeException in project records-management by Alfresco.
the class RecordsManagementAuditServiceImpl method getAuditTrailImpl.
/**
* Get the audit trail, optionally dumping the results the the given writer dumping to a list.
*
* @param params the search parameters
* @param results the list to which individual results will be dumped
* @param writer Writer to write the audit trail
* @param reportFormat Format to write the audit trail in, ignored if writer is <code>null</code>
*/
protected void getAuditTrailImpl(final RecordsManagementAuditQueryParameters params, final List<RecordsManagementAuditEntry> results, final Writer writer, final ReportFormat reportFormat) throws IOException {
if (logger.isDebugEnabled()) {
logger.debug("Retrieving audit trail in '" + reportFormat + "' format using parameters: " + params);
}
// define the callback
AuditQueryCallback callback = new AuditQueryCallback() {
private boolean firstEntry = true;
@Override
public boolean valuesRequired() {
return true;
}
/**
* Just log the error, but continue
*/
@Override
public boolean handleAuditEntryError(Long entryId, String errorMsg, Throwable error) {
logger.warn(errorMsg, error);
return true;
}
@Override
@SuppressWarnings("unchecked")
public boolean handleAuditEntry(Long entryId, String applicationName, String user, long time, Map<String, Serializable> values) {
// Check for context shutdown
if (shutdown) {
return false;
}
Date timestamp = new Date(time);
String eventName = null;
String fullName = null;
String userRoles = null;
NodeRef nodeRef = null;
String nodeName = null;
String nodeType = null;
String nodeIdentifier = null;
String namePath = null;
Map<QName, Serializable> beforeProperties = null;
Map<QName, Serializable> afterProperties = null;
if (values.containsKey(RM_AUDIT_DATA_EVENT_NAME)) {
// This data is /RM/event/...
eventName = (String) values.get(RM_AUDIT_DATA_EVENT_NAME);
fullName = (String) values.get(RM_AUDIT_DATA_PERSON_FULLNAME);
userRoles = (String) values.get(RM_AUDIT_DATA_PERSON_ROLES);
nodeRef = (NodeRef) values.get(RM_AUDIT_DATA_NODE_NODEREF);
nodeName = (String) values.get(RM_AUDIT_DATA_NODE_NAME);
QName nodeTypeQname = (QName) values.get(RM_AUDIT_DATA_NODE_TYPE);
nodeIdentifier = (String) values.get(RM_AUDIT_DATA_NODE_IDENTIFIER);
namePath = (String) values.get(RM_AUDIT_DATA_NODE_NAMEPATH);
beforeProperties = (Map<QName, Serializable>) values.get(RM_AUDIT_DATA_NODE_CHANGES_BEFORE);
afterProperties = (Map<QName, Serializable>) values.get(RM_AUDIT_DATA_NODE_CHANGES_AFTER);
// Convert some of the values to recognizable forms
nodeType = null;
if (nodeTypeQname != null) {
TypeDefinition typeDef = dictionaryService.getType(nodeTypeQname);
nodeType = (typeDef != null) ? typeDef.getTitle(dictionaryService) : null;
}
} else if (values.containsKey(DOD5015_AUDIT_DATA_EVENT_NAME)) {
// This data is /RM/event/...
eventName = (String) values.get(DOD5015_AUDIT_DATA_EVENT_NAME);
fullName = (String) values.get(DOD5015_AUDIT_DATA_PERSON_FULLNAME);
userRoles = (String) values.get(DOD5015_AUDIT_DATA_PERSON_ROLES);
nodeRef = (NodeRef) values.get(DOD5015_AUDIT_DATA_NODE_NODEREF);
nodeName = (String) values.get(DOD5015_AUDIT_DATA_NODE_NAME);
QName nodeTypeQname = (QName) values.get(DOD5015_AUDIT_DATA_NODE_TYPE);
nodeIdentifier = (String) values.get(DOD5015_AUDIT_DATA_NODE_IDENTIFIER);
namePath = (String) values.get(DOD5015_AUDIT_DATA_NODE_NAMEPATH);
beforeProperties = (Map<QName, Serializable>) values.get(DOD5015_AUDIT_DATA_NODE_CHANGES_BEFORE);
afterProperties = (Map<QName, Serializable>) values.get(DOD5015_AUDIT_DATA_NODE_CHANGES_AFTER);
// Convert some of the values to recognizable forms
nodeType = null;
if (nodeTypeQname != null) {
TypeDefinition typeDef = dictionaryService.getType(nodeTypeQname);
nodeType = (typeDef != null) ? typeDef.getTitle(dictionaryService) : null;
}
} else if (values.containsKey(RM_AUDIT_DATA_LOGIN_USERNAME)) {
user = (String) values.get(RM_AUDIT_DATA_LOGIN_USERNAME);
if (values.containsKey(RM_AUDIT_DATA_LOGIN_ERROR)) {
eventName = RM_AUDIT_EVENT_LOGIN_FAILURE;
// The user didn't log in
fullName = user;
} else {
eventName = RM_AUDIT_EVENT_LOGIN_SUCCESS;
fullName = (String) values.get(RM_AUDIT_DATA_LOGIN_FULLNAME);
}
} else if (values.containsKey(DOD5015_AUDIT_DATA_LOGIN_USERNAME)) {
user = (String) values.get(DOD5015_AUDIT_DATA_LOGIN_USERNAME);
if (values.containsKey(DOD5015_AUDIT_DATA_LOGIN_ERROR)) {
eventName = RM_AUDIT_EVENT_LOGIN_FAILURE;
// The user didn't log in
fullName = user;
} else {
eventName = RM_AUDIT_EVENT_LOGIN_SUCCESS;
fullName = (String) values.get(DOD5015_AUDIT_DATA_LOGIN_FULLNAME);
}
} else {
// This is not recognisable data
logger.warn("Unable to process audit entry for RM. Unexpected data: \n" + " Entry: " + entryId + "\n" + " Data: " + values);
// Skip it
return true;
}
if (nodeRef != null && nodeService.exists(nodeRef) && !AccessStatus.ALLOWED.equals(capabilityService.getCapabilityAccessState(nodeRef, ACCESS_AUDIT_CAPABILITY))) {
return true;
}
// TODO: Refactor this to use the builder pattern
RecordsManagementAuditEntry entry = new RecordsManagementAuditEntry(timestamp, user, fullName, // A concatenated string of roles
userRoles, nodeRef, nodeName, nodeType, eventName, nodeIdentifier, namePath, beforeProperties, afterProperties);
// write out the entry to the file in requested format
writeEntryToFile(entry);
if (results != null) {
results.add(entry);
}
if (logger.isDebugEnabled()) {
logger.debug(" " + entry);
}
// Keep going
return true;
}
private void writeEntryToFile(RecordsManagementAuditEntry entry) {
if (writer == null) {
return;
}
try {
if (!firstEntry) {
if (reportFormat == ReportFormat.HTML) {
writer.write("\n");
} else {
writer.write(",");
}
} else {
firstEntry = false;
}
// write the entry to the file
if (reportFormat == ReportFormat.JSON) {
writer.write("\n\t\t");
}
writeAuditTrailEntry(writer, entry, reportFormat);
} catch (IOException ioe) {
throw new AlfrescoRuntimeException(MSG_TRAIL_FILE_FAIL, ioe);
}
}
};
String user = params.getUser();
Long fromTime = getFromDateTime(params.getDateFrom());
Long toTime = getToDateTime(params.getDateTo());
NodeRef nodeRef = params.getNodeRef();
int maxEntries = params.getMaxEntries();
// Reverse order if the results are limited
boolean forward = maxEntries > 0 ? false : true;
// start the audit trail report
writeAuditTrailHeader(writer, params, reportFormat);
if (logger.isDebugEnabled()) {
logger.debug("RM Audit: Issuing query: " + params);
}
// Build audit query parameters
AuditQueryParameters dod5015AuditQueryParams = new AuditQueryParameters();
dod5015AuditQueryParams.setForward(forward);
dod5015AuditQueryParams.setApplicationName(DOD5015_AUDIT_APPLICATION_NAME);
dod5015AuditQueryParams.setUser(user);
dod5015AuditQueryParams.setFromTime(fromTime);
dod5015AuditQueryParams.setToTime(toTime);
if (nodeRef != null) {
dod5015AuditQueryParams.addSearchKey(DOD5015_AUDIT_DATA_NODE_NODEREF, nodeRef);
}
//
AuditQueryParameters auditQueryParams = new AuditQueryParameters();
auditQueryParams.setForward(forward);
auditQueryParams.setApplicationName(RM_AUDIT_APPLICATION_NAME);
auditQueryParams.setUser(user);
auditQueryParams.setFromTime(fromTime);
auditQueryParams.setToTime(toTime);
if (nodeRef != null) {
auditQueryParams.addSearchKey(RM_AUDIT_DATA_NODE_NODEREF, nodeRef);
} else if (params.getEvent() != null) {
auditQueryParams.addSearchKey(RM_AUDIT_DATA_EVENT_NAME, params.getEvent());
}
// Get audit entries
SiteInfo siteInfo = siteService.getSite(DEFAULT_SITE_NAME);
if (siteInfo != null) {
QName siteType = nodeService.getType(siteInfo.getNodeRef());
if (siteType.equals(TYPE_DOD_5015_SITE)) {
auditService.auditQuery(callback, dod5015AuditQueryParams, maxEntries);
}
}
// We always need to make the standard query - regardless of the type of RM site (to get events like RM site created).
auditService.auditQuery(callback, auditQueryParams, maxEntries);
// finish off the audit trail report
writeAuditTrailFooter(writer, reportFormat);
// audit that the audit has been view'ed
if (nodeRef == null) {
// grab the default file plan, but don't fail if it can't be found!
nodeRef = filePlanService.getFilePlanBySiteId(FilePlanService.DEFAULT_RM_SITE_ID);
}
auditEvent(nodeRef, AUDIT_EVENT_VIEW, null, null, true);
}
use of org.alfresco.error.AlfrescoRuntimeException in project records-management by Alfresco.
the class RMEntryVoter method vote.
/**
* @see net.sf.acegisecurity.vote.AccessDecisionVoter#vote(net.sf.acegisecurity.Authentication, java.lang.Object, net.sf.acegisecurity.ConfigAttributeDefinition)
*/
@SuppressWarnings("rawtypes")
public int vote(Authentication authentication, Object object, net.sf.acegisecurity.ConfigAttributeDefinition config) {
// logging
RMMethodSecurityInterceptor.isRMSecurityChecked(true);
MethodInvocation mi = (MethodInvocation) object;
if (transactionalResourceHelper.isResourcePresent("voting")) {
if (logger.isDebugEnabled()) {
logger.debug(" .. grant access already voting: " + mi.getMethod().getDeclaringClass().getName() + "." + mi.getMethod().getName());
}
return AccessDecisionVoter.ACCESS_GRANTED;
}
if (logger.isDebugEnabled()) {
logger.debug("Method: " + mi.getMethod().getDeclaringClass().getName() + "." + mi.getMethod().getName());
}
alfrescoTransactionSupport.bindResource("voting", true);
try {
// The system user can do anything
if (authenticationUtil.isRunAsUserTheSystemUser()) {
if (logger.isDebugEnabled()) {
logger.debug("Access granted for the system user");
}
return AccessDecisionVoter.ACCESS_GRANTED;
}
List<ConfigAttributeDefinition> supportedDefinitions = extractSupportedDefinitions(config);
// No RM definitions so we do not vote
if (supportedDefinitions.size() == 0) {
return AccessDecisionVoter.ACCESS_ABSTAIN;
}
// check we have an instance of a method invocation
if (!(object instanceof MethodInvocation)) {
// we expect a method invocation
throw new AlfrescoRuntimeException("Passed object is not an instance of MethodInvocation as expected.");
}
// get information about the method
MethodInvocation invocation = (MethodInvocation) object;
Method method = invocation.getMethod();
Class[] params = method.getParameterTypes();
for (ConfigAttributeDefinition cad : supportedDefinitions) {
// Whatever is found first takes precedence
if (cad.getTypeString().equals(ConfigAttributeDefinition.RM_DENY)) {
// log message
RMMethodSecurityInterceptor.addMessage("RM_DENY: check that a security policy has been set for this method");
return AccessDecisionVoter.ACCESS_DENIED;
} else if (cad.getTypeString().equals(ConfigAttributeDefinition.RM_ABSTAIN)) {
return AccessDecisionVoter.ACCESS_ABSTAIN;
} else if (cad.getTypeString().equals(ConfigAttributeDefinition.RM_ALLOW)) {
return AccessDecisionVoter.ACCESS_GRANTED;
} else // It is distinguished from RM_ALLOW so query may have additional behaviour in the future
if (cad.getTypeString().equals(ConfigAttributeDefinition.RM_QUERY)) {
return AccessDecisionVoter.ACCESS_GRANTED;
} else // These entries effectively abstain
if (((cad.getParameters().get(0) != null) && (cad.getParameters().get(0) >= invocation.getArguments().length)) || ((cad.getParameters().get(1) != null) && (cad.getParameters().get(1) >= invocation.getArguments().length))) {
continue;
} else if (cad.getTypeString().equals(ConfigAttributeDefinition.RM_CAP)) {
switch(checkCapability(invocation, params, cad)) {
case AccessDecisionVoter.ACCESS_DENIED:
{
return AccessDecisionVoter.ACCESS_DENIED;
}
case AccessDecisionVoter.ACCESS_ABSTAIN:
{
if (logger.isDebugEnabled()) {
if (logger.isTraceEnabled()) {
logger.trace("Capability " + cad.getRequired() + " abstained for " + invocation.getMethod(), new IllegalStateException());
} else {
logger.debug("Capability " + cad.getRequired() + " abstained for " + invocation.getMethod());
}
}
// abstain denies
return AccessDecisionVoter.ACCESS_DENIED;
}
case AccessDecisionVoter.ACCESS_GRANTED:
{
break;
}
}
} else if (cad.getTypeString().equals(ConfigAttributeDefinition.RM)) {
switch(checkPolicy(invocation, params, cad)) {
case AccessDecisionVoter.ACCESS_DENIED:
{
// log message
RMMethodSecurityInterceptor.addMessage("Policy " + cad.getPolicyName() + " denied.");
return AccessDecisionVoter.ACCESS_DENIED;
}
case AccessDecisionVoter.ACCESS_ABSTAIN:
{
if (logger.isDebugEnabled()) {
if (logger.isTraceEnabled()) {
logger.trace("Policy " + cad.getPolicyName() + " abstained for " + invocation.getMethod(), new IllegalStateException());
} else {
logger.debug("Policy " + cad.getPolicyName() + " abstained for " + invocation.getMethod());
}
}
// abstain denies
return AccessDecisionVoter.ACCESS_DENIED;
}
case AccessDecisionVoter.ACCESS_GRANTED:
{
break;
}
}
}
}
} finally {
alfrescoTransactionSupport.unbindResource("voting");
}
// all voted to allow
return AccessDecisionVoter.ACCESS_GRANTED;
}
use of org.alfresco.error.AlfrescoRuntimeException in project records-management by Alfresco.
the class EditDispositionActionAsOfDateAction method executeImpl.
/**
* @see org.alfresco.repo.action.executer.ActionExecuterAbstractBase#executeImpl(org.alfresco.service.cmr.action.Action,
* org.alfresco.service.cmr.repository.NodeRef)
*/
@Override
protected void executeImpl(Action action, NodeRef actionedUponNodeRef) {
if (this.getNodeService().hasAspect(actionedUponNodeRef, ASPECT_DISPOSITION_LIFECYCLE)) {
// Get the action parameter
Date asOfDate = (Date) action.getParameterValue(PARAM_AS_OF_DATE);
if (asOfDate == null) {
throw new AlfrescoRuntimeException(I18NUtil.getMessage(MSG_VALID_DATE_DISP_ASOF));
}
// Set the dispostion action as of date
DispositionAction da = getDispositionService().getNextDispositionAction(actionedUponNodeRef);
if (da != null) {
getNodeService().setProperty(da.getNodeRef(), PROP_DISPOSITION_AS_OF, asOfDate);
getNodeService().setProperty(da.getNodeRef(), PROP_MANUALLY_SET_AS_OF, true);
}
} else {
throw new AlfrescoRuntimeException(I18NUtil.getMessage(MSG_DISP_ASOF_LIFECYCLE_APPLIED));
}
}
use of org.alfresco.error.AlfrescoRuntimeException in project records-management by Alfresco.
the class RecordsManagementSearchParameters method toJSONObject.
public JSONObject toJSONObject(NamespaceService namespaceService) {
try {
JSONObject jsonObject = new JSONObject();
jsonObject.put(JSON_MAXITEMS, maxItems);
jsonObject.put(JSON_RECORDS, includeRecords);
jsonObject.put(JSON_UNDECLAREDRECORDS, includeUndeclaredRecords);
jsonObject.put(JSON_VITALRECORDS, includeVitalRecords);
jsonObject.put(JSON_RECORDFOLDERES, includeRecordFolders);
jsonObject.put(JSON_FROZEN, includeFrozen);
jsonObject.put(JSON_CUTOFF, includeCutoff);
// Included containers
JSONArray jsonArray = new JSONArray();
for (QName containerType : includedContainerTypes) {
jsonArray.put(containerType.toPrefixString(namespaceService));
}
jsonObject.put(JSON_CONTAINERTYPES, jsonArray);
// Sort
JSONArray jsonSortArray = new JSONArray();
for (SortItem entry : sortOrder) {
JSONObject jsonEntry = new JSONObject();
jsonEntry.put(JSON_FIELD, entry.property.toPrefixString(namespaceService));
jsonEntry.put(JSON_ASCENDING, entry.assc);
jsonSortArray.put(jsonEntry);
}
jsonObject.put(JSON_SORT, jsonSortArray);
return jsonObject;
} catch (JSONException e) {
throw new AlfrescoRuntimeException("Unable to generate json string for records management search parameters.", e);
}
}
use of org.alfresco.error.AlfrescoRuntimeException in project records-management by Alfresco.
the class RecordsManagementSearchParameters method createFromJSON.
/**
* @param jsonObject
* @return
*/
public static RecordsManagementSearchParameters createFromJSON(JSONObject jsonObject, NamespaceService namespaceService) {
try {
RecordsManagementSearchParameters searchParameters = new RecordsManagementSearchParameters();
// Get the search parameter properties
if (jsonObject.has(JSON_MAXITEMS)) {
searchParameters.setMaxItems(jsonObject.getInt(JSON_MAXITEMS));
}
if (jsonObject.has(JSON_RECORDS)) {
searchParameters.setIncludeRecords(jsonObject.getBoolean(JSON_RECORDS));
}
if (jsonObject.has(JSON_UNDECLAREDRECORDS)) {
searchParameters.setIncludeUndeclaredRecords(jsonObject.getBoolean(JSON_UNDECLAREDRECORDS));
}
if (jsonObject.has(JSON_VITALRECORDS)) {
searchParameters.setIncludeVitalRecords(jsonObject.getBoolean(JSON_VITALRECORDS));
}
if (jsonObject.has(JSON_RECORDFOLDERES)) {
searchParameters.setIncludeRecordFolders(jsonObject.getBoolean(JSON_RECORDFOLDERES));
}
if (jsonObject.has(JSON_FROZEN)) {
searchParameters.setIncludeFrozen(jsonObject.getBoolean(JSON_FROZEN));
}
if (jsonObject.has(JSON_CUTOFF)) {
searchParameters.setIncludeCutoff(jsonObject.getBoolean(JSON_CUTOFF));
}
// Get container types
if (jsonObject.has(JSON_CONTAINERTYPES)) {
JSONArray jsonArray = jsonObject.getJSONArray(JSON_CONTAINERTYPES);
List<QName> containerTypes = new ArrayList<QName>(jsonArray.length());
for (int i = 0; i < jsonArray.length(); i++) {
String type = jsonArray.getString(i);
containerTypes.add(QName.createQName(type, namespaceService));
}
searchParameters.setIncludedContainerTypes(containerTypes);
}
// Get sort details
if (jsonObject.has(JSON_SORT)) {
JSONArray jsonArray = jsonObject.getJSONArray(JSON_SORT);
List<SortItem> sortOrder = new ArrayList<SortItem>(jsonArray.length());
for (int i = 0; i < jsonArray.length(); i++) {
JSONObject sortJSONObject = jsonArray.getJSONObject(i);
if (sortJSONObject.has(JSON_FIELD) && sortJSONObject.has(JSON_ASCENDING)) {
sortOrder.add(new SortItem(QName.createQName(sortJSONObject.getString(JSON_FIELD), namespaceService), sortJSONObject.getBoolean(JSON_ASCENDING)));
}
}
searchParameters.setSortOrder(sortOrder);
}
return searchParameters;
} catch (JSONException e) {
throw new AlfrescoRuntimeException("Unable to create records management search parameters from json string. " + jsonObject.toString(), e);
}
}
Aggregations