[jira] [Updated] (WICKET-6508) Automatically monitoring access to data objects (lambdamodels propertymodels) in wicket gui

Sat, 16 Dec 2017 04:58:25 -0800 

     [ 
https://issues.apache.org/jira/browse/WICKET-6508?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Martin Makundi updated WICKET-6508:
-----------------------------------
    Summary: Automatically monitoring access to data objects (lambdamodels 
propertymodels) in wicket gui  (was: Automatically logging access to data 
objects (lambdamodels propertymodels) in wicket gui)

> Automatically monitoring access to data objects (lambdamodels propertymodels) 
> in wicket gui
> -------------------------------------------------------------------------------------------
>
>                 Key: WICKET-6508
>                 URL: https://issues.apache.org/jira/browse/WICKET-6508
>             Project: Wicket
>          Issue Type: New Feature
>          Components: wicket
>    Affects Versions: 8.0.0-M8
>            Reporter: Martin Makundi
>   Original Estimate: 8h
>  Remaining Estimate: 8h
>
> The [GDPR|https://www.eugdpr.org/] was approved by the EU Parliament on 14 
> April 2016, and it brings strict requirements to logging things like data 
> access.
> We are investigating ways to automatically log access to data objects in 
> wicket gui.
> Oldschool solutions would be, for example to override/customize PropertyModel 
> and log target object and method invoked, and possibly result value, together 
> with necessary information from session (timestamp, user id, authorization 
> level, etc.).
> However, with wicket 8 and java 8 lambda possibilities, I am wondering if 
> there would be  some ingenious suggestion how to do this very nicely by 
> implementing own AuditTrailSerializableFunction or similar?
> Might need to wrap the data objects in some sort of proxy but that would be 
> ok:
> * https://gist.github.com/jhorstmann/de367a42a08d8deb8df9
> * 
> https://stackoverflow.com/questions/13356326/how-can-i-log-every-method-called-in-a-class-automatically-with-log4j
> * 
> https://stackoverflow.com/questions/3291637/alternatives-to-java-lang-reflect-proxy-for-creating-proxies-of-abstract-classes
> Would be nice if wicket would provide reusable blueprints for this, like it 
> does for general authorization functionalities.
> It could have methods like isAuthorized before invoking get or set and log if 
> not authorized and throw exception. 
> When model access is authroized, it would have methods like logAccess() which 
> will log (as necessary) how and what is accessed. Logging implementation will 
> take care of optimizing frequent logs etc.
> Possibly it could be applied to both propertymodel and lamba model as a 
> "model listener" or something.
> Proposals welcome, we will be submitting something soon.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Reply via email to