[
https://issues.apache.org/jira/browse/WICKET-6508?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Martin Grigorov updated WICKET-6508:
------------------------------------
Priority: Minor (was: Major)
> Automatically monitoring access to data objects (lambdamodels propertymodels)
> in wicket gui
> -------------------------------------------------------------------------------------------
>
> Key: WICKET-6508
> URL: https://issues.apache.org/jira/browse/WICKET-6508
> Project: Wicket
> Issue Type: New Feature
> Components: wicket
> Affects Versions: 8.0.0-M8
> Reporter: Martin Makundi
> Priority: Minor
> Original Estimate: 8h
> Remaining Estimate: 8h
>
> The [GDPR|https://www.eugdpr.org/] was approved by the EU Parliament on 14
> April 2016, and it brings strict requirements to monitoring and logging
> things like data access (see also [GDPR – A PRACTICAL GUIDE FOR
> DEVELOPERS|https://techblog.bozho.net/gdpr-practical-guide-developers/]).
> We are investigating ways to automatically monitor and log access to data
> objects in wicket gui.
> Oldschool solutions would be, for example to override/customize PropertyModel
> and montor target object and method invoked, and possibly result value,
> together with necessary information from session (timestamp, user id,
> authorization level, etc.).
> However, with wicket 8 and java 8 lambda possibilities, I am wondering if
> there would be some ingenious suggestion how to do this very nicely by
> implementing own AuditTrailSerializableFunction or similar?
> Might need to wrap the data objects in some sort of proxy but that would be
> ok:
> * https://gist.github.com/jhorstmann/de367a42a08d8deb8df9
> *
> https://stackoverflow.com/questions/13356326/how-can-i-log-every-method-called-in-a-class-automatically-with-log4j
> *
> https://stackoverflow.com/questions/3291637/alternatives-to-java-lang-reflect-proxy-for-creating-proxies-of-abstract-classes
> Would be nice if wicket would provide reusable blueprints for this, like it
> does for general authorization functionalities.
> It could have methods like isAuthorized before invoking get or set and log if
> not authorized and throw exception.
> When model access is authroized, it would have methods like logAccess() which
> will log (as necessary) how and what is accessed. Logging implementation will
> take care of optimizing frequent logs etc.
> Possibly it could be applied to both propertymodel and lamba model as a
> "model listener" or something.
> Proposals welcome, we will be submitting something soon.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
