[
https://issues.apache.org/jira/browse/WICKET-6508?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Martin Makundi updated WICKET-6508:
-----------------------------------
Description:
The [GDPR|https://www.eugdpr.org/] was approved by the EU Parliament on 14
April 2016, and it brings strict requirements to monitoring and logging things
like data access.
We are investigating ways to automatically monitor and log access to data
objects in wicket gui.
Oldschool solutions would be, for example to override/customize PropertyModel
and montor target object and method invoked, and possibly result value,
together with necessary information from session (timestamp, user id,
authorization level, etc.).
However, with wicket 8 and java 8 lambda possibilities, I am wondering if there
would be some ingenious suggestion how to do this very nicely by implementing
own AuditTrailSerializableFunction or similar?
Might need to wrap the data objects in some sort of proxy but that would be ok:
* https://gist.github.com/jhorstmann/de367a42a08d8deb8df9
*
https://stackoverflow.com/questions/13356326/how-can-i-log-every-method-called-in-a-class-automatically-with-log4j
*
https://stackoverflow.com/questions/3291637/alternatives-to-java-lang-reflect-proxy-for-creating-proxies-of-abstract-classes
Would be nice if wicket would provide reusable blueprints for this, like it
does for general authorization functionalities.
It could have methods like isAuthorized before invoking get or set and log if
not authorized and throw exception.
When model access is authroized, it would have methods like logAccess() which
will log (as necessary) how and what is accessed. Logging implementation will
take care of optimizing frequent logs etc.
Possibly it could be applied to both propertymodel and lamba model as a "model
listener" or something.
Proposals welcome, we will be submitting something soon.
was:
The [GDPR|https://www.eugdpr.org/] was approved by the EU Parliament on 14
April 2016, and it brings strict requirements to logging things like data
access.
We are investigating ways to automatically log access to data objects in wicket
gui.
Oldschool solutions would be, for example to override/customize PropertyModel
and log target object and method invoked, and possibly result value, together
with necessary information from session (timestamp, user id, authorization
level, etc.).
However, with wicket 8 and java 8 lambda possibilities, I am wondering if there
would be some ingenious suggestion how to do this very nicely by implementing
own AuditTrailSerializableFunction or similar?
Might need to wrap the data objects in some sort of proxy but that would be ok:
* https://gist.github.com/jhorstmann/de367a42a08d8deb8df9
*
https://stackoverflow.com/questions/13356326/how-can-i-log-every-method-called-in-a-class-automatically-with-log4j
*
https://stackoverflow.com/questions/3291637/alternatives-to-java-lang-reflect-proxy-for-creating-proxies-of-abstract-classes
Would be nice if wicket would provide reusable blueprints for this, like it
does for general authorization functionalities.
It could have methods like isAuthorized before invoking get or set and log if
not authorized and throw exception.
When model access is authroized, it would have methods like logAccess() which
will log (as necessary) how and what is accessed. Logging implementation will
take care of optimizing frequent logs etc.
Possibly it could be applied to both propertymodel and lamba model as a "model
listener" or something.
Proposals welcome, we will be submitting something soon.
> Automatically monitoring access to data objects (lambdamodels propertymodels)
> in wicket gui
> -------------------------------------------------------------------------------------------
>
> Key: WICKET-6508
> URL: https://issues.apache.org/jira/browse/WICKET-6508
> Project: Wicket
> Issue Type: New Feature
> Components: wicket
> Affects Versions: 8.0.0-M8
> Reporter: Martin Makundi
> Original Estimate: 8h
> Remaining Estimate: 8h
>
> The [GDPR|https://www.eugdpr.org/] was approved by the EU Parliament on 14
> April 2016, and it brings strict requirements to monitoring and logging
> things like data access.
> We are investigating ways to automatically monitor and log access to data
> objects in wicket gui.
> Oldschool solutions would be, for example to override/customize PropertyModel
> and montor target object and method invoked, and possibly result value,
> together with necessary information from session (timestamp, user id,
> authorization level, etc.).
> However, with wicket 8 and java 8 lambda possibilities, I am wondering if
> there would be some ingenious suggestion how to do this very nicely by
> implementing own AuditTrailSerializableFunction or similar?
> Might need to wrap the data objects in some sort of proxy but that would be
> ok:
> * https://gist.github.com/jhorstmann/de367a42a08d8deb8df9
> *
> https://stackoverflow.com/questions/13356326/how-can-i-log-every-method-called-in-a-class-automatically-with-log4j
> *
> https://stackoverflow.com/questions/3291637/alternatives-to-java-lang-reflect-proxy-for-creating-proxies-of-abstract-classes
> Would be nice if wicket would provide reusable blueprints for this, like it
> does for general authorization functionalities.
> It could have methods like isAuthorized before invoking get or set and log if
> not authorized and throw exception.
> When model access is authroized, it would have methods like logAccess() which
> will log (as necessary) how and what is accessed. Logging implementation will
> take care of optimizing frequent logs etc.
> Possibly it could be applied to both propertymodel and lamba model as a
> "model listener" or something.
> Proposals welcome, we will be submitting something soon.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
