[SYNCOPE-1978] Search audit events by who (username) #1438
Open
ozimakov wants to merge 1 commit into
Restore the ability to search audit events by the username that performed them. A new "who" query parameter on AuditQuery matches the AuditEvent.who column and supports exact match, multiple values (OR) and "*" wildcards, composing with the existing audit search filters. The filter is threaded through AuditServiceImpl, AuditLogic and the AuditEventDAO interface and all of its implementations (JPA, Neo4j, Elasticsearch, OpenSearch). Values are bound as query parameters; wildcard handling escapes LIKE/regex metacharacters so that only "*" acts as a wildcard, and the JPA predicate uses ESCAPE '#' for cross-database portability. Covered by new integration tests in AuditITCase.
ilgrosso
requested changes
Jun 25, 2026
ilgrosso
left a comment
Member
This PR is proposing to add the capability to search audit events by who, e.g. by the administrator that was logged as the requester for the action that was logged as an audit entry.
I believe this is a nice addition, but it will require a different issue on JIRA.
This is because SYNCOPE-1978 is instead asking to restore the possibility to match audit events by username, e.g. to look for users whose payload was logged for the audit entry - as opposed to the current capability to look for such users only by their key.
| } | ||
|
|
||
| public AuditEventCriteriaBuilder who(final Set<String> who, final List<Object> parameters) { | ||
| if (who != null && !who.isEmpty()) { |
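Review bot: the guard at `if (who != null && !who.isEmpty())` rejects a null or empty set but not a null or blank element inside it. The description says these values arrive as a request query parameter, so consider dropping null and blank entries before any clause is built. The signature also takes a caller-supplied `parameters` list; a Javadoc line stating whether this method appends to it, and in what order, would make the contract explicit.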
Member
replace with Spring's CollectionUtils#isEmpty
| if (who != null && !who.isEmpty()) { | ||
| query.append(andIfNeeded()).append("("); | ||
| boolean first = true; | ||
| for (String value : who) { |
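Review bot: the loop at `for (String value : who)` has no visible upper bound on the size of `who`, and the set comes from a repeatable request parameter. Consider capping the number of accepted values (and rejecting the request above that cap) so that one call cannot expand into an arbitrarily long OR group of wildcard matches against the audit store.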
Member
Can't this loop be replaced by stream with map and Collectors#joining?
SYNCOPE-1978
What
Restores the ability to search audit events by the username that performed them. A new who query parameter on AuditQuery matches the AuditEvent.who column and supports:
- ?who=jsmith
- ?who=jsmith&who=admin
- * wildcards — ?who=svc-*
It composes (AND) with the existing audit search filters (entityKey, type, category, op, outcome, before/after).
Why
Syncope 3.0 allowed searching audit entries by username; 4.0 removed it. The capability is useful to retrieve all actions performed by a given user — in particular when that user has been deleted and the entity key is no longer available.
Implementation
The filter is threaded through AuditServiceImpl → AuditLogic → the AuditEventDAO interface and all of its implementations: JPA, Neo4j, Elasticsearch and OpenSearch. All values are bound as query parameters; wildcard handling escapes store metacharacters so that only * acts as a wildcard:
- =, wildcard uses LIKE ? ESCAPE '#' (a backslash escape char is mishandled by MySQL/MariaDB and Oracle has no default escape, so # is used for portability);
- =, wildcard uses =~ with regex metacharacters escaped;
- wildcard query per value, OR-ed via bool/should, escaping \ and ?.
Tests
New integration tests in AuditITCase cover exact match, multiple values (OR) and wildcard, composed with the other filters. Manually verified against the standalone (H2) distribution.
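The LIKE ? ESCAPE '#' rule from the Implementation section, as an added example that is not code from this pull request or from Syncope: it turns each who value into either an exact-match or a LIKE clause and keeps every value in the bound-parameter list. The class name, method names and the bare `who` column reference are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import java.util.StringJoiner;

// Added illustration: names are hypothetical, this is not code from the pull request.
public class WhoFilterExample {

    private static final char ESC = '#';

    // Escape LIKE metacharacters and the escape char itself, then map '*' to '%'.
    static String toLikePattern(final String value) {
        StringBuilder sb = new StringBuilder(value.length() + 8);
        for (char c : value.toCharArray()) {
            if (c == '%' || c == '_' || c == ESC) {
                sb.append(ESC);
            }
            sb.append(c == '*' ? '%' : c);
        }
        return sb.toString();
    }

    // Build the OR group; values only ever reach the database through `parameters`.
    static String whoPredicate(final Set<String> who, final List<Object> parameters) {
        if (who == null || who.isEmpty()) {
            return "";
        }
        StringJoiner clause = new StringJoiner(" OR ", "(", ")").setEmptyValue("");
        for (String value : who) {
            if (value == null || value.isBlank()) {
                continue; // a blank ?who= must not become a predicate
            }
            boolean wildcard = value.indexOf('*') >= 0;
            clause.add(wildcard ? "who LIKE ? ESCAPE '" + ESC + "'" : "who = ?");
            parameters.add(wildcard ? toLikePattern(value) : value);
        }
        return clause.toString();
    }

    public static void main(final String[] args) {
        // Constructed sample values: an exact name and a wildcard that also contains '_' and '%'.
        Set<String> who = new LinkedHashSet<>(List.of("jsmith", "svc_%*"));
        List<Object> parameters = new ArrayList<>();
        System.out.println(whoPredicate(who, parameters));
        System.out.println(parameters);
    }
}
```

With this mapping a literal `_`, `%` or `#` in a username matches only itself, and the SQL text never contains caller-supplied characters.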