[jira] [Created] (WICKET-6508) Automatically logging access to data objects (lambdamodels) in wicket gui

Fri, 15 Dec 2017 05:26:30 -0800 

Martin Makundi created WICKET-6508:
--------------------------------------

             Summary: Automatically logging access to data objects 
(lambdamodels) in wicket gui
                 Key: WICKET-6508
                 URL: https://issues.apache.org/jira/browse/WICKET-6508
             Project: Wicket
          Issue Type: New Feature
          Components: wicket
    Affects Versions: 8.0.0-M8
            Reporter: Martin Makundi


The [GDPR|https://www.eugdpr.org/] was approved by the EU Parliament on 14 
April 2016, and it brings strict requirements to logging things like data 
access.

We are investigating ways to automatically log access to data objects in wicket 
gui.

Oldschool solutions would be, for example to override/customize PropertyModel 
and log target object and method invoked, and possibly result value, together 
with necessary information from session (timestamp, user id, authorization 
level, etc.).

However, with wicket 8 and java 8 lambda possibilities, I am wondering if there 
would be  some ingenious suggestion how to do this very nicely by implementing 
own AuditTrailSerializableFunction or similar?

Might need to wrap the data objects in some sort of proxy but that would be ok:
* https://gist.github.com/jhorstmann/de367a42a08d8deb8df9
* 
https://stackoverflow.com/questions/13356326/how-can-i-log-every-method-called-in-a-class-automatically-with-log4j
* 
https://stackoverflow.com/questions/3291637/alternatives-to-java-lang-reflect-proxy-for-creating-proxies-of-abstract-classes

Would be nice if wicket would provide reusable blueprints for this, like it 
does for general authorization functionalities.

It could have methods like isAuthorized before invoking get or set and log if 
not authorized and throw exception. 

When model access is authroized, it would have methods like logAccess() which 
will log (as necessary) how and what is accessed. Logging implementation will 
take care of optimizing frequent logs etc.

Possibly it could be applied to both propertymodel and lamba model as a "model 
behavior" or something.


Proposals welcome, we will be submitting something soon.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Reply via email to