Platform Explorer / Nuxeo Platform LTS 2015 7.10

Component org.nuxeo.ecm.platform.audit.service.NXAuditEventsService

Implementation

Javadoc: org.nuxeo.ecm.platform.audit.service.NXAuditEventsService

Services

Extension points

Contributions

XML source

<?xml version="1.0" encoding="UTF-8"?>
<component name="org.nuxeo.ecm.platform.audit.service.NXAuditEventsService">
  <documentation>
    Service that deals with audit.
    <p />
    Most of the work is done at EJB layer though.

    This supports JMS events based
    notifications on a dedicated topic.

    @version 1.0
    @author Julien Anguenot
  </documentation>

  <!-- needed so that activation has access to persistence -->
  <require>org.nuxeo.ecm.platform.audit.service.persistence</require>

  <implementation class="org.nuxeo.ecm.platform.audit.service.NXAuditEventsService" />

  <service>
    <provide interface="org.nuxeo.ecm.platform.audit.api.AuditReader" />
    <provide interface="org.nuxeo.ecm.platform.audit.api.AuditLogger" />
    <provide interface="org.nuxeo.ecm.platform.audit.api.Logs" />
    <provide interface="org.nuxeo.ecm.platform.audit.api.DocumentHistoryReader" />
  </service>

  <extension-point name="event">
    <documentation>
      This service registers auditable events.
      <p />
      Registered events are dummy strings for now.
      <p />
      This service is used to filter auditable events from the JMS topic based
      on their names. The following XML snipset give figures out how the default
      event types are selected for auditing.

      <programlisting>
        <extension target="org.nuxeo.ecm.platform.audit.service.NXAuditEventsService"
          point="event">
          <event name="documentCreated" />
          <event name="documentCreatedByCopy" />
          <event name="documentDuplicated" />
          <event name="documentMoved" />
          <event name="documentRemoved" />
          <event name="documentModified" />
          <event name="documentLocked" />
          <event name="documentUnlocked" />
          <event name="documentSecurityUpdated" />
          <event name="lifecycle_transition_event" />
        </extension>
      </programlisting>
    </documentation>

    <object class="org.nuxeo.ecm.platform.audit.service.extension.EventDescriptor" />

  </extension-point>

  <extension-point name="extendedInfo">

    <documentation>
      This service registered extended info mappings.

      <p />
      This service is used to evaluate EL expression using document as context
      regist:ering results into a map indexed by names.
    </documentation>

    <object
      class="org.nuxeo.ecm.platform.audit.service.extension.ExtendedInfoDescriptor" />
  </extension-point>

  <extension-point name="adapter">

    <documentation>
      register the adapter that will be injected in EL context
    </documentation>

    <object class="org.nuxeo.ecm.platform.audit.service.extension.AdapterDescriptor" />
  </extension-point>

  <extension-point name="backend">

    <documentation>
      Allows to register a backend implementation for the Audit Service
    </documentation>

    <object class="org.nuxeo.ecm.platform.audit.service.extension.AuditBackendDescriptor" />
  </extension-point>

  <extension target="org.nuxeo.ecm.platform.audit.service.NXAuditEventsService"
    point="event">
    <documentation>
      Those default auditable events match Nuxeo core base events.
      <p />
      If you are sending new Nuxeo core events and want them audited, this is
      the place to declare them NXAudit side.
    </documentation>

    <event name="documentCreated" />
    <event name="documentCreatedByCopy" />
    <event name="documentDuplicated" />
    <event name="documentMoved" />
    <event name="documentRemoved" />
    <event name="documentModified" />
    <event name="documentLocked" />
    <event name="documentUnlocked" />
    <event name="documentSecurityUpdated" />
    <event name="lifecycle_transition_event" />
    <event name="loginSuccess" />
    <event name="loginFailed" />
    <event name="logout" />
    <event name="documentCheckedIn" />
    <event name="versionRemoved" />
    <event name="documentProxyPublished" />
    <event name="sectionContentPublished" />
    <event name="documentRestored" />
    <event name="download" />
  </extension>


  <extension target="org.nuxeo.ecm.platform.audit.service.NXAuditEventsService"
    point="backend">

    <backend class="org.nuxeo.ecm.platform.audit.service.DefaultAuditBackend"/>

  </extension>

  <extension target="org.nuxeo.ecm.core.event.EventServiceComponent"
    point="listener">

    <listener name="auditLoggerListener" async="true" postCommit="true"
      class="org.nuxeo.ecm.platform.audit.listener.AuditEventLogger" />

  </extension>

</component>

Documentation

Service that deals with audit.

Most of the work is done at EJB layer though.

This supports JMS events based notifications on a dedicated topic.

@version 1.0

  • 5.4.0-I20101018_1103
  • 5.4.2
  • 5.3.1
  • 5.3.2
  • 5.6
  • 5.3.2-SNAPSHOT
  • 5.4.0.1
  • 5.5
  • 5.4.2-HF05
  • 5.4.1
  • 5.4.0
  • 5.7-I20130322_1136

Introduction

Audit service is used for logging and retrieving audit data into a datastore. Audit data are mainly coming from events.

Features

The audit service is logging creation/deletion/modification events. It is also possible to configure the service to log other events.

For example, there is an addon, called nuxeo-platform-audit-web-access, that log web access.

Architecture

Audit service is mainly a datastore service. It defines a data record structure that will be used for storing audit information.

The datastore is built over a relational database backend. The data record structure is defined in Java by the LogEntry and ExtendedInfo java classes.

They are mapped onto the datastore using JPA (Java Persistence API) annotations. Audit service receive events from the Event service. Then the Audit service is filtering and converting them into log entries. The LogEntry class is mainly obtained from the DocumentMessage event type.

Audit entries may also contain extended informations. These informations are extracted from the event message using EL (Expression Language) expression and stored into a map.

Additional documentation

How To  
Nuxeo Audit Service
  • 5.4.0-I20101018_1103
  • 5.4.2
  • 5.3.1
  • 5.3.2
  • 5.6
  • 5.3.2-SNAPSHOT
  • 5.4.0.1
  • 5.5
  • 5.4.2-HF05
  • 5.4.1
  • 5.4.0
  • 5.7-I20130322_1136

Introduction

Audit service is used for logging and retrieving audit data into a datastore. Audit data are mainly coming from events.

Features

The audit service is logging creation/deletion/modification events. It is also possible to configure the service to log other events.

For example, there is an addon, called nuxeo-platform-audit-web-access, that log web access.

Architecture

Audit service is mainly a datastore service. It defines a data record structure that will be used for storing audit information.

The datastore is built over a relational database backend. The data record structure is defined in Java by the LogEntry and ExtendedInfo java classes.

They are mapped onto the datastore using JPA (Java Persistence API) annotations. Audit service receive events from the Event service. Then the Audit service is filtering and converting them into log entries. The LogEntry class is mainly obtained from the DocumentMessage event type.

Audit entries may also contain extended informations. These informations are extracted from the event message using EL (Expression Language) expression and stored into a map.

Recording new events types

Logging other event types can be done by using an event extension point. Here is an example of how to define this extension point.

<extension point="event"
           target="org.nuxeo.ecm.platform.audit.service.NXAuditEventsService">
    <event name="documentCreated" />
    <event name="documentCreatedByCopy" />
    <event name="documentDuplicated" />
    <event name="documentMoved" />
    <event name="documentRemoved" />
    <event name="documentModified" />
    <event name="documentLocked" />
    <event name="documentUnlocked" />
    <event name="documentPublished" />
    <event name="documentSecurityUpdated" />
    <event name="documentUnPublished" />
    <event name="documentSubmitedForPublication" />
    <event name="documentPublicationRejected" />
    <event name="documentPublicationApproved" />
    <event name="lifecycle_transition_event" />
</extension>
Recording additional informations
  • 5.4.0-I20101018_1103
  • 5.4.2
  • 5.3.1
  • 5.3.2
  • 5.6
  • 5.3.2-SNAPSHOT
  • 5.4.0.1
  • 5.5
  • 5.4.2-HF05
  • 5.4.1
  • 5.4.0
  • 5.7-I20130322_1136

Just after converting received DocumentMessage instance into the corresponding LogEntry instance, Audit service allows you to extract information from the handling context and to store them.

To do this, you have to define an EL expression and associate it with a key. You can access to the following variables :

  • message : Document message describing the event
  • source : Document from which the event is from
  • principal : Identity of the event owner

The following XML snipset is an example of how to extract properties from the document model and store them into the extended information map.

<extension point="extendedInfo"
           target="org.nuxeo.ecm.platform.audit.service.NXAuditEventsService">
    <extendedInfo expression="${source.dublincore.title}" key="title" />
    <extendedInfo expression="${message.cacheKey}" key="key" />
    <extendedInfo expression="${principal.name}" key="user" />
</extension>