cancel
Showing results for 
Search instead for 
Did you mean: 

How can i audit Webscript

wajdi_ghribi
Champ in-the-making
Champ in-the-making
Hi,
I would like to know how can i audit Webscripts, i implemented a webscript that extends AbstractWebScript, i added @auditable to the execute method and activated the audit :
audit.enabled=true
audit.alfresco-access.enabled=true
but still not getting the action audited, any help please.
3 REPLIES 3

afaust
Legendary Innovator
Legendary Innovator
Hello,

there currently is not support for auditing web scripts via the @Auditable annotation. The @Auditable annotation is intended to be used on service interfaces that are then configured to use a "public proxy bean" where a special AOP interceptor processes the interface and its annotations. Web scripts already are implementations and are hard to be converted into the same type of "public proxy" and "private implementation" architecture like services.

You can still manually record audit data from your web script code by using the AuditComponent.recordAuditValues operation. In fact, that is the same API that the AOP interceptor handling the @Auditable annotation uses to record alfresco-api audit events. You could create a new custom base class for all your web scripts that always audits web script invocation, and use subclasses of this for your actual web scripts. That way you wouldn't need any annotation, but could still use it to configure what gets recorded. E.g. you could define what URL parameters get audited as "input" and what elements of the web script model are audited as "output". I wouldn't recommend auditing the rendered response as "output" though as this would surely explode your DB storage requirements quickly…

Regards
Axel

wajdi_ghribi
Champ in-the-making
Champ in-the-making
Thanks AFaust, problem solved by auditing manually, if i'm getting well the idea of using the @Auditable annotation, to audit your specific service you should create an interface which contains methods with the annotation @Auditable and then you configure the proxy interceptor bean, like that every time we call a method from classes that implement our interface, the method "invoke" of the interceptor bean will be called, the method "invoke" normally contains a test something like: "if there is an "auditable" annotation on the invoked method call the AuditComponent.recordAuditValues operation".

afaust
Legendary Innovator
Legendary Innovator
Basically yes - but there already is such an interceptor class, the AuditMethodInterceptor.