ModelAuditService to support proper audit autz and the time machine (…

…MID-3471)
Evolveum · Oct 28, 2016 · e9b3313 · e9b3313
1 parent 0904ce8
commit e9b3313
Show file tree

Hide file tree

Showing 10 changed files with 215 additions and 27 deletions.
diff --git a/...-gui/src/main/java/com/evolveum/midpoint/web/component/data/BaseSortableDataProvider.java b/...-gui/src/main/java/com/evolveum/midpoint/web/component/data/BaseSortableDataProvider.java
@@ -19,6 +19,7 @@
 import com.evolveum.midpoint.audit.api.AuditService;
 import com.evolveum.midpoint.gui.api.page.PageBase;
 import com.evolveum.midpoint.gui.api.util.WebComponentUtil;
+import com.evolveum.midpoint.model.api.ModelAuditService;
 import com.evolveum.midpoint.model.api.ModelInteractionService;
 import com.evolveum.midpoint.model.api.ModelService;
 import com.evolveum.midpoint.model.api.TaskService;
@@ -117,7 +118,7 @@ protected WorkflowService getWorkflowService() {
         return application.getWorkflowService();
     }
 
-    protected AuditService getAuditService() {
+    protected ModelAuditService getAuditService() {
         MidPointApplication application = (MidPointApplication) MidPointApplication.get();
         return application.getAuditService();
     }

diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/security/MidPointApplication.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/security/MidPointApplication.java
@@ -65,6 +65,7 @@
 import com.evolveum.midpoint.common.configuration.api.MidpointConfiguration;
 import com.evolveum.midpoint.gui.api.page.PageBase;
 import com.evolveum.midpoint.gui.api.util.WebComponentUtil;
+import com.evolveum.midpoint.model.api.ModelAuditService;
 import com.evolveum.midpoint.model.api.ModelInteractionService;
 import com.evolveum.midpoint.model.api.ModelService;
 import com.evolveum.midpoint.model.api.TaskService;
@@ -184,7 +185,7 @@ public class MidPointApplication extends AuthenticatedWebApplication {
     @Autowired
     transient TaskManager taskManager;
     @Autowired
-    transient AuditService auditService;
+    transient ModelAuditService auditService;
 	@Autowired
 	transient private RepositoryService repositoryService;			// temporary
     @Autowired
@@ -317,7 +318,7 @@ public TaskManager getTaskManager() {
         return taskManager;
     }
 
-    public AuditService getAuditService() {
+    public ModelAuditService getAuditService() {
         return auditService;
     }
 

diff --git a/model/model-api/pom.xml b/model/model-api/pom.xml
@@ -77,6 +77,11 @@
 			<artifactId>security-api</artifactId>
 			<version>3.5-SNAPSHOT</version>
 		</dependency>
+		<dependency>
+			<groupId>com.evolveum.midpoint.repo</groupId>
+			<artifactId>audit-api</artifactId>
+			<version>3.5-SNAPSHOT</version>
+		</dependency>
 		<dependency>
 			<groupId>com.evolveum.midpoint.tools</groupId>
 			<artifactId>test-ng</artifactId>

diff --git a/model/model-api/src/main/java/com/evolveum/midpoint/model/api/ModelAuditService.java b/model/model-api/src/main/java/com/evolveum/midpoint/model/api/ModelAuditService.java
@@ -0,0 +1,30 @@
+/**
+ * Copyright (c) 2016 Evolveum
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.evolveum.midpoint.model.api;
+
+import com.evolveum.midpoint.audit.api.AuditService;
+import com.evolveum.midpoint.prism.PrismObject;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType;
+
+/**
+ * @author semancik
+ *
+ */
+public interface ModelAuditService extends AuditService {
+
+	<O extends ObjectType> PrismObject<O> reconstructObject(String oid, String eventIdentifier);
+
+}
diff --git a/...model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/AuditController.java b/...model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/AuditController.java
@@ -0,0 +1,91 @@
+/**
+ * Copyright (c) 2016 Evolveum
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.evolveum.midpoint.model.impl.controller;
+
+import java.util.List;
+import java.util.Map;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+import com.evolveum.midpoint.audit.api.AuditEventRecord;
+import com.evolveum.midpoint.audit.api.AuditService;
+import com.evolveum.midpoint.model.api.ModelAuditService;
+import com.evolveum.midpoint.prism.PrismObject;
+import com.evolveum.midpoint.schema.result.OperationResult;
+import com.evolveum.midpoint.task.api.Task;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.CleanupPolicyType;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType;
+
+/**
+ * @author semancik
+ *
+ */
+@Component
+public class AuditController implements ModelAuditService {
+
+	@Autowired
+	private AuditService auditService;
+
+	/* (non-Javadoc)
+	 * @see com.evolveum.midpoint.audit.api.AuditService#audit(com.evolveum.midpoint.audit.api.AuditEventRecord, com.evolveum.midpoint.task.api.Task)
+	 */
+	@Override
+	public void audit(AuditEventRecord record, Task task) {
+		// TODO: authorizations
+		auditService.audit(record, task);
+	}
+
+	/* (non-Javadoc)
+	 * @see com.evolveum.midpoint.audit.api.AuditService#listRecords(java.lang.String, java.util.Map)
+	 */
+	@Override
+	public List<AuditEventRecord> listRecords(String query, Map<String, Object> params) {
+		// TODO: authorizations
+		return auditService.listRecords(query, params);
+	}
+
+	/* (non-Javadoc)
+	 * @see com.evolveum.midpoint.audit.api.AuditService#countObjects(java.lang.String, java.util.Map)
+	 */
+	@Override
+	public long countObjects(String query, Map<String, Object> params) {
+		// TODO: authorizations
+		return auditService.countObjects(query, params);
+	}
+
+	@Override
+	public void cleanupAudit(CleanupPolicyType policy, OperationResult parentResult) {
+		// TODO: authorizations
+		auditService.cleanupAudit(policy, parentResult);
+	}
+
+	/* (non-Javadoc)
+	 * @see com.evolveum.midpoint.audit.api.AuditService#supportsRetrieval()
+	 */
+	@Override
+	public boolean supportsRetrieval() {
+		return auditService.supportsRetrieval();
+	}
+
+	@Override
+	public <O extends ObjectType> PrismObject<O> reconstructObject(String oid, String eventIdentifier) {
+		// TODO: authorizations
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+}
diff --git a/repo/audit-api/src/main/java/com/evolveum/midpoint/audit/api/AuditService.java b/repo/audit-api/src/main/java/com/evolveum/midpoint/audit/api/AuditService.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2010-2013 Evolveum
+ * Copyright (c) 2010-2016 Evolveum
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -18,9 +18,11 @@
 import java.util.List;
 import java.util.Map;
 
+import com.evolveum.midpoint.prism.PrismObject;
 import com.evolveum.midpoint.schema.result.OperationResult;
 import com.evolveum.midpoint.task.api.Task;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.CleanupPolicyType;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType;
 
 /**
  * @author semancik
@@ -29,17 +31,30 @@ public interface AuditService {
 
     public static final int MAX_MESSAGE_SIZE = 1024;
 
-	public void audit(AuditEventRecord record, Task task);
+	void audit(AuditEventRecord record, Task task);
 
     /**
      * Clean up audit records that are older than specified.
      *
      * @param policy Records will be deleted base on this policy.
      */
-    public void cleanupAudit(CleanupPolicyType policy, OperationResult parentResult);
+	void cleanupAudit(CleanupPolicyType policy, OperationResult parentResult);
 
-    public List<AuditEventRecord> listRecords(String query, Map<String, Object> params);
-
-    public long countObjects(String query, Map<String, Object> params);
+    /**
+     * @throws UnsupportedOperationException if object retrieval is not supported
+     */
+    List<AuditEventRecord> listRecords(String query, Map<String, Object> params);
+
+    /**
+     * @throws UnsupportedOperationException if object retrieval is not supported
+     */
+    long countObjects(String query, Map<String, Object> params);
+
+    /**
+     * Returns true if retrieval of objects from the audit trail is supported.
+     * This applies to listRecords, countObjects, reconstructObject and similar
+     * operations.
+     */
+    boolean supportsRetrieval();
 
 }
diff --git a/repo/audit-impl/src/main/java/com/evolveum/midpoint/audit/impl/LoggerAuditServiceImpl.java b/repo/audit-impl/src/main/java/com/evolveum/midpoint/audit/impl/LoggerAuditServiceImpl.java
@@ -159,18 +159,22 @@ private String formatDeltaSummary(Collection<ObjectDeltaOperation<? extends Obje
 
 	@Override
 	public List<AuditEventRecord> listRecords(String query, Map<String, Object> params) {
-		// TODO Auto-generated method stub
-		return null;
+		throw new UnsupportedOperationException("Object retrieval not supported");
+	}
+
+    @Override
+    public long countObjects(String query, Map<String, Object> params){
+    	throw new UnsupportedOperationException("Object retrieval not supported");
+    }
+
+	@Override
+	public boolean supportsRetrieval() {
+		return false;
 	}
 
 	// This method is never used. It is here only for maven dependency plugin to properly detect common component usage.
 	@SuppressWarnings("unused")
 	private void fakeMethod() {
 		LoggingConfigurationManager.getCurrentlyUsedVersion();
 	}
-
-    @Override
-    public long countObjects(String query, Map<String, Object> params){
-        return 0;
-    }
 }
diff --git a/repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/SqlAuditServiceImpl.java b/repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/SqlAuditServiceImpl.java
@@ -31,13 +31,15 @@
 import com.evolveum.midpoint.repo.sql.util.RUtil;
 import com.evolveum.midpoint.schema.result.OperationResult;
 import com.evolveum.midpoint.task.api.Task;
+import com.evolveum.midpoint.util.DebugUtil;
 import com.evolveum.midpoint.util.Holder;
 import com.evolveum.midpoint.util.MiscUtil;
 import com.evolveum.midpoint.util.exception.SchemaException;
 import com.evolveum.midpoint.util.exception.SystemException;
 import com.evolveum.midpoint.util.logging.Trace;
 import com.evolveum.midpoint.util.logging.TraceManager;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.CleanupPolicyType;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType;
 
 import org.apache.commons.lang.Validate;
 import org.hibernate.Query;
@@ -111,12 +113,22 @@ public List<AuditEventRecord> listRecords(String query, Map<String, Object> para
     private List<AuditEventRecord> listRecordsAttempt(String query, Map<String, Object> params) {
         Session session = null;
         List<AuditEventRecord> auditRecords = null;
+
+        if (LOGGER.isTraceEnabled()) {
+        	LOGGER.trace("List records attempt\n  query: {}\n{}  params:\n{}", query, DebugUtil.debugDump(params, 2));
+        }
+
         try {
             session = baseHelper.beginTransaction();
             session.setFlushMode(FlushMode.MANUAL);
             Query q = session.createQuery(query);
             setParametersToQuery(q, params);
 //            q.setResultTransformer(Transformers.aliasToBean(RAuditEventRecord.class));
+
+            if (LOGGER.isTraceEnabled()) {
+            	LOGGER.trace("List records attempt\n  processed query: {}", q);
+            }
+
             List resultList = q.list();
 
             auditRecords = new ArrayList<>();
@@ -145,6 +157,11 @@ private List<AuditEventRecord> listRecordsAttempt(String query, Map<String, Obje
         } finally {
 			baseHelper.cleanupSessionAndResult(session, null);
         }
+
+        if (LOGGER.isTraceEnabled()) {
+        	LOGGER.trace("List records attempt returned {} records", auditRecords.size());
+        }
+
         return auditRecords;
 
     }
@@ -407,4 +424,9 @@ public long countObjects(String query, Map<String, Object> params) {
         return count;
     }
 
+	@Override
+	public boolean supportsRetrieval() {
+		return true;
+	}
+
 }
diff --git a/repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/DummyAuditService.java b/repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/DummyAuditService.java
@@ -28,6 +28,7 @@
 import com.evolveum.midpoint.audit.api.AuditEventRecord;
 import com.evolveum.midpoint.audit.api.AuditEventStage;
 import com.evolveum.midpoint.audit.api.AuditService;
+import com.evolveum.midpoint.prism.PrismObject;
 import com.evolveum.midpoint.prism.PrismPropertyValue;
 import com.evolveum.midpoint.prism.PrismReferenceValue;
 import com.evolveum.midpoint.prism.delta.ChangeType;
@@ -410,12 +411,16 @@ public String debugDump(int indent) {
 
 	@Override
 	public List<AuditEventRecord> listRecords(String query, Map<String, Object> params) {
-		// TODO Auto-generated method stub
-		return null;
+		throw new UnsupportedOperationException("Object retrieval not supported");
 	}
 
     @Override
     public long countObjects(String query, Map<String, Object> params){
-        return 0;
+    	throw new UnsupportedOperationException("Object retrieval not supported");
     }
+
+	@Override
+	public boolean supportsRetrieval() {
+		return false;
+	}
 }
diff --git a/repo/system-init/src/main/java/com/evolveum/midpoint/init/AuditServiceProxy.java b/repo/system-init/src/main/java/com/evolveum/midpoint/init/AuditServiceProxy.java
@@ -225,22 +225,36 @@ public void visit(Visitable visitable) {
 	@Override
 	public List<AuditEventRecord> listRecords(String query, Map<String, Object> params) {
 		List<AuditEventRecord> result = new ArrayList<AuditEventRecord>();
-		for (AuditService service : services){
-			List<AuditEventRecord> records = service.listRecords(query, params);
-			if (records != null && !records.isEmpty()){
-				result.addAll(records);
+		for (AuditService service : services) {
+			if (service.supportsRetrieval()) {
+				List<AuditEventRecord> records = service.listRecords(query, params);
+				if (records != null && !records.isEmpty()){
+					result.addAll(records);
+				}
 			}
 		}
 		return result;
 	}
 
     @Override
-    public long countObjects(String query, Map<String, Object> params){
+    public long countObjects(String query, Map<String, Object> params) {
         long count = 0;
-        for (AuditService service : services){
-            long c = service.countObjects(query, params);
-            count += c;
+        for (AuditService service : services) {
+        	if (service.supportsRetrieval()) {
+	            long c = service.countObjects(query, params);
+	            count += c;
+        	}
         }
         return count;
     }
+
+	@Override
+	public boolean supportsRetrieval() {
+		for (AuditService service : services) {
+        	if (service.supportsRetrieval()) {
+	            return true;
+        	}
+        }
+		return false;
+	}
 }