Seed Information Management

Enterprise Content Management Consultants ECM Experts

Delete Alfresco Auditing Data

By

Delete Alfresco Auditing Data

Since we described the creation of a custom scheduled job that queries the alfresco audit service and reports on access for each share site in our previous blog, we thought it would be a good idea to share how to clear out the accumulated audit data after a predefined period of time in this blog.

Audit Data Delete Job

In order to delete the audit data after a period of time, we used the same principle as for generating the audit data report. That is we created a custom schedule job that would call a custom java class to clear out the audit data. Our custom scheduled job called custom-schedule-job-context.xml was placed in tomcat/shared/classes/alfresco/extension and is as follows;

<?xml version=’1.0′ encoding=’UTF-8′?>

<!DOCTYPE beans PUBLIC ‘-//SPRING//DTD BEAN//EN’ ‘http://www.springframework.org/dtd/spring-beans.dtd’>

<beans>

<bean id=”runDeleteAuditDataJob” class=”org.springframework.scheduling.quartz.JobDetailBean”>

     <property name=”jobClass”>     

     <value>au.com.seedim.audit.auditjob.ClearAuditData</value>

        </property>

        <property name=”jobDataAsMap”>

             <map>

                 <entry key=”abstractAuthenticationService”>

                     <ref bean=”authenticationService” />

                 </entry>

            </map>

        </property>

    </bean>

 <bean id=”customAuditDataDeleteJobTrigger” class=”org.alfresco.util.CronTriggerBean”>

         <property name=”jobDetail”>

            <ref bean=”runDeleteAuditDataJob”/>

        </property>

        <property name=”scheduler”>

            <ref bean=”schedulerFactory”/>

        </property>

        <property name=”cronExpression”>

          <value>0 0 5 ? * SAT</value>

        </property>

  </bean>

</beans>

 

Audit Data Delete Class

Just as with the audit data report class, the audit data delete class also needs to implement org.quartz.StatefulJob interface so that it can be called from our custom scheduled job.

We had 2 options to delete the audit data;

Option1: Call the OOTB clear audit data webscript

The snippet for the execute method of the audit data delete class calling the webscript is shown below.

public void execute(JobExecutionContext arg0) throws JobExecutionException {          

        if (logger.isDebugEnabled()) logger.debug(“Inside ClearAuditData execute Method”);

        final HttpClient client = new HttpClient();

        client.getState().setCredentials(

                new AuthScope(“localhost”, 8080, “Alfresco”),

                new UsernamePasswordCredentials(“SEEDIM”, “SEEDIM”));

                final String url = “http://localhost:8080/alfresco/service/api/audit/clear/siteaccess”;

                final PostMethod httpPost = new PostMethod(url);                                                              

                try {

                        httpPost.setDoAuthentication(true);

                        httpPost.setRequestHeader(“Content-Type”, “application/json”);

                        int status = client.executeMethod(httpPost);

                        if (status != HttpStatus.SC_OK) {

                        if (logger.isDebugEnabled())logger.debug(“Audit Data Method failed: ” +  httpPost.getStatusLine());

                        }else{

                               if (logger.isDebugEnabled())logger.debug(“Audit Data Cleared”);            

                      }                                             

                   } catch (Exception e) {

                         e.printStackTrace();

                   } finally {

                         httpPost.releaseConnection();

                  }

               }

As it can be seen from the execute method snippet, we are making a post call to alfresco using PostMethod class by passinghttp://localhost:8080/alfresco/service/api/audit/clear/siteaccess as argument where siteaccess is our custom audit application. Authentication is being handled by the httpclient class.

 

Option 2: Use the clearAudit() method from the Audit Service

The snippet for the execute method of the audit data delete class using the clearAudit() method from the Audit Service is shown below.

public void execute(JobExecutionContext arg0) throws JobExecutionException {

            if (logger.isDebugEnabled()) logger.debug(“Inside ClearAuditData execute Method”);

            AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Object>() {

                        public Object doWork() {

                        if (logger.isDebugEnabled()) logger.debug(“Entered ClearAuditData doWork Method”);

                        //Call clearAudit method to remove all audit data for siteaccess audit application

                        auditService.clearAudit(“siteaccess”, null, null);

                        if (logger.isDebugEnabled()) logger.debug(“Audit Data cleared”);

                        return null;

                        }

            },AuthenticationUtil.getSystemUserName());

}

The clearAudit() method removes audit entries for the given application (siteaccess in our case) between the time ranges. If no start time is given then entries are deleted as far back as they exist. If no end time is given then entries are deleted up until the current time.

Conclusion

We decided to use option 2 (use clearAudit() method) for our solution because in option 1 (use clear audit webscript) the authentication credentials have to be hardcoded which means the code needs rework if the authentication credentials are changed whereas with option 2, we can use the AuthenticationUtil.runAs() method to execute the script as System or Admin.