[MNT-24807] Made the solution user configurable

Alfresco · Jan 13, 2025 · 672d330 · 672d330
1 parent 64262ff
commit 672d330
Show file tree

Hide file tree

Showing 3 changed files with 56 additions and 26 deletions.
diff --git a/repository/src/main/java/org/alfresco/repo/event2/filter/NodePropertyFilter.java b/repository/src/main/java/org/alfresco/repo/event2/filter/NodePropertyFilter.java
@@ -25,9 +25,12 @@
  */
 package org.alfresco.repo.event2.filter;
 
+import java.util.ArrayList;
 import java.util.HashSet;
 import java.util.List;
+import java.util.Optional;
 import java.util.Set;
+import java.util.function.Predicate;
 
 import org.alfresco.model.ContentModel;
 import org.alfresco.service.namespace.QName;
@@ -39,7 +42,8 @@
  */
 public class NodePropertyFilter extends AbstractNodeEventFilter
 {
-    private static final String FILTERED_PROPERTIES = "sys:*,usr:password,usr:salt,usr:passwordHash,trx:password";
+    private static final String MANDATORY_FILTERED_PROPERTIES = "sys:*";
+    private static final String DEFAULT_SECURITY_FILTERED_PROPERTIES = "usr:password,usr:salt,usr:passwordHash,trx:password";
     // These properties are included as top-level info,
     // so exclude them from the properties object
     private static final Set<QName> EXCLUDED_TOP_LEVEL_PROPS = Set.of(ContentModel.PROP_NAME,
@@ -52,11 +56,16 @@ public class NodePropertyFilter extends AbstractNodeEventFilter
     private static final Set<QName> ALLOWED_PROPERTIES = Set.of(ContentModel.PROP_CASCADE_TX,
             ContentModel.PROP_CASCADE_CRC);
 
-    private final List<String> nodePropertiesBlackList;
+    private final List<String> nodePropertiesBlackList = new ArrayList<>();
 
-    public NodePropertyFilter()
+    public NodePropertyFilter(String userConfiguredFilteredNodeProperties)
     {
-        this.nodePropertiesBlackList = parseFilterList(FILTERED_PROPERTIES);
+        nodePropertiesBlackList.add(MANDATORY_FILTERED_PROPERTIES);
+
+        String filteredNodeProperties = Optional.ofNullable(userConfiguredFilteredNodeProperties)
+                .filter(Predicate.not(String::isEmpty))
+                .orElse(DEFAULT_SECURITY_FILTERED_PROPERTIES);
+        nodePropertiesBlackList.addAll(parseFilterList(filteredNodeProperties));
     }
 
     @Override

diff --git a/repository/src/main/resources/alfresco/events2-context.xml b/repository/src/main/resources/alfresco/events2-context.xml
@@ -19,7 +19,9 @@
         <constructor-arg value="${repo.event2.filter.nodeAspects}"/>
     </bean>
 
-    <bean id="event2NodePropertyFilter" class="org.alfresco.repo.event2.filter.NodePropertyFilter" parent="abstractNodeEventFilter"/>
+    <bean id="event2NodePropertyFilter" class="org.alfresco.repo.event2.filter.NodePropertyFilter" parent="abstractNodeEventFilter">
+        <constructor-arg value="${repo.event2.filter.nodeProperties}"/>
+    </bean>
 
     <bean id="event2UserFilter" class="org.alfresco.repo.event2.filter.EventUserFilter">
         <constructor-arg value="${repo.event2.filter.users}"/>

diff --git a/repository/src/test/java/org/alfresco/repo/event2/EventFilterUnitTest.java b/repository/src/test/java/org/alfresco/repo/event2/EventFilterUnitTest.java
@@ -62,7 +62,8 @@
 public class EventFilterUnitTest
 {
     private static NamespaceService namespaceService;
-    private static NodePropertyFilter propertyFilter;
+    private static NodePropertyFilter defaultPropertyFilter;
+    private static NodePropertyFilter userConfiguredPropertyFilter;
     private static NodeTypeFilter typeFilter;
     private static NodeAspectFilter aspectFilter;
     private static ChildAssociationTypeFilter childAssociationTypeFilter;
@@ -92,10 +93,15 @@ public static void setUp()
         namespaceService.registerNamespace(TransferModel.TRANSFER_MODEL_PREFIX,
                 TransferModel.TRANSFER_MODEL_1_0_URI);
 
-        propertyFilter = new NodePropertyFilter();
-        propertyFilter.setNamespaceService(namespaceService);
-        propertyFilter.setDictionaryService(dictionaryService);
-        propertyFilter.init();
+        defaultPropertyFilter = new NodePropertyFilter(null);
+        defaultPropertyFilter.setNamespaceService(namespaceService);
+        defaultPropertyFilter.setDictionaryService(dictionaryService);
+        defaultPropertyFilter.init();
+
+        userConfiguredPropertyFilter = new NodePropertyFilter("usr:username,trx:username");
+        userConfiguredPropertyFilter.setNamespaceService(namespaceService);
+        userConfiguredPropertyFilter.setDictionaryService(dictionaryService);
+        userConfiguredPropertyFilter.init();
 
         typeFilter = new NodeTypeFilter("sys:*, fm:*, cm:thumbnail");
         typeFilter.setNamespaceService(namespaceService);
@@ -117,24 +123,37 @@ public static void setUp()
     }
 
     @Test
-    public void nodePropertyFilter()
+    public void defaultNodePropertyFilter()
     {
-        assertTrue("System properties are excluded by default.",
-                propertyFilter.isExcluded(ContentModel.PROP_NODE_UUID));
-
-        assertTrue("System properties are excluded by default.",
-                propertyFilter.isExcluded(ContentModel.PROP_NODE_DBID));
-
-        assertTrue(propertyFilter.isExcluded(ContentModel.PROP_PASSWORD));
-        assertTrue(propertyFilter.isExcluded(ContentModel.PROP_SALT));
-        assertTrue(propertyFilter.isExcluded(ContentModel.PROP_PASSWORD_HASH));
-        assertTrue(propertyFilter.isExcluded(TransferModel.PROP_PASSWORD));
-
-        assertFalse("Property cascadeTx is not excluded", propertyFilter.isExcluded(ContentModel.PROP_CASCADE_TX));
-        assertFalse("Property cascadeCRC is not excluded", propertyFilter.isExcluded(ContentModel.PROP_CASCADE_CRC));
-
-        assertFalse(propertyFilter.isExcluded(ContentModel.PROP_TITLE));
+        assertTrue("System property node-uuid should be excluded by default.", defaultPropertyFilter.isExcluded(ContentModel.PROP_NODE_UUID));
+        assertTrue("System property node-dbid should be excluded by default.", defaultPropertyFilter.isExcluded(ContentModel.PROP_NODE_DBID));
+        assertTrue("User property password should be excluded by config.", defaultPropertyFilter.isExcluded(ContentModel.PROP_PASSWORD));
+        assertTrue("User property salt should be excluded by config.", defaultPropertyFilter.isExcluded(ContentModel.PROP_SALT));
+        assertTrue("User property passwordHash should be excluded by config.", defaultPropertyFilter.isExcluded(ContentModel.PROP_PASSWORD_HASH));
+        assertTrue("Transfer property password should be excluded by config.", defaultPropertyFilter.isExcluded(TransferModel.PROP_PASSWORD));
+
+        assertFalse("Property cascadeTx should not be excluded by default.", defaultPropertyFilter.isExcluded(ContentModel.PROP_CASCADE_TX));
+        assertFalse("Property cascadeCRC should not not excluded by default.", defaultPropertyFilter.isExcluded(ContentModel.PROP_CASCADE_CRC));
+        assertFalse("Property title should not not excluded by config.", defaultPropertyFilter.isExcluded(ContentModel.PROP_TITLE));
+        assertFalse("User property username should not be excluded by config.", defaultPropertyFilter.isExcluded(ContentModel.PROP_USER_USERNAME));
+        assertFalse("Transfer property username should not be excluded by config.", defaultPropertyFilter.isExcluded(TransferModel.PROP_USERNAME));
+    }
 
+    @Test
+    public void userConfiguredNodePropertyFilter()
+    {
+        assertTrue("System property node-uuid should be excluded by default.", userConfiguredPropertyFilter.isExcluded(ContentModel.PROP_NODE_UUID));
+        assertTrue("System property node-dbid should be excluded by default.", userConfiguredPropertyFilter.isExcluded(ContentModel.PROP_NODE_DBID));
+        assertTrue("User property username should be excluded by config.", userConfiguredPropertyFilter.isExcluded(ContentModel.PROP_USER_USERNAME));
+        assertTrue("Transfer property username should be excluded by config.", userConfiguredPropertyFilter.isExcluded(TransferModel.PROP_USERNAME));
+
+        assertFalse("Property cascadeTx should not be excluded by default.", userConfiguredPropertyFilter.isExcluded(ContentModel.PROP_CASCADE_TX));
+        assertFalse("Property cascadeCRC should not not excluded by default.", userConfiguredPropertyFilter.isExcluded(ContentModel.PROP_CASCADE_CRC));
+        assertFalse("Property title should not not excluded by config.", userConfiguredPropertyFilter.isExcluded(ContentModel.PROP_TITLE));
+        assertFalse("User property password should not be excluded by config.", userConfiguredPropertyFilter.isExcluded(ContentModel.PROP_PASSWORD));
+        assertFalse("User property salt should not be excluded by config.", userConfiguredPropertyFilter.isExcluded(ContentModel.PROP_SALT));
+        assertFalse("User property passwordHash should not be excluded by config.", userConfiguredPropertyFilter.isExcluded(ContentModel.PROP_PASSWORD_HASH));
+        assertFalse("Transfer property password should not be excluded by config.", userConfiguredPropertyFilter.isExcluded(TransferModel.PROP_PASSWORD));
     }
 
     @Test