[
https://issues.apache.org/jira/browse/WICKET-6508?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16467019#comment-16467019
]
Martin Makundi commented on WICKET-6508:
----------------------------------------
{color:#222222}Thanks [~manuelbarzi]. The biggest problem with the proposal is
that an extra interface would be needed for each bean, that's quite 'before
lamda' coding style.{color}
Also the proxy seems unnecessary, as wicket LambdaModel already has information
about setter and target.
Could you instead propose a modification to LamdaModel and
AbstractPropertyModel so that a listener can be configured on application
level? This can then be elaborated so that models could be context/hierarchy
aware and maybe log to different listeners depending on contexts, but for sure
a global listener would be ok as a first attempt.
> Automatically monitoring access to data objects (lambdamodels propertymodels)
> in wicket gui
> -------------------------------------------------------------------------------------------
>
> Key: WICKET-6508
> URL: https://issues.apache.org/jira/browse/WICKET-6508
> Project: Wicket
> Issue Type: New Feature
> Components: wicket
> Affects Versions: 8.0.0-M8
> Reporter: Martin Makundi
> Priority: Minor
> Original Estimate: 8h
> Remaining Estimate: 8h
>
> The [GDPR|https://www.eugdpr.org/] was approved by the EU Parliament on 14
> April 2016, and it brings strict requirements to monitoring and logging
> things like data access (see also [GDPR – A PRACTICAL GUIDE FOR
> DEVELOPERS|https://techblog.bozho.net/gdpr-practical-guide-developers/]).
> We are investigating ways to automatically monitor and log access to data
> objects in wicket gui.
> Oldschool solutions would be, for example to override/customize PropertyModel
> and montor target object and method invoked, and possibly result value,
> together with necessary information from session (timestamp, user id,
> authorization level, etc.).
> However, with wicket 8 and java 8 lambda possibilities, I am wondering if
> there would be some ingenious suggestion how to do this very nicely by
> implementing own AuditTrailSerializableFunction or similar?
> Might need to wrap the data objects in some sort of proxy but that would be
> ok:
> * https://gist.github.com/jhorstmann/de367a42a08d8deb8df9
> *
> https://stackoverflow.com/questions/13356326/how-can-i-log-every-method-called-in-a-class-automatically-with-log4j
> *
> https://stackoverflow.com/questions/3291637/alternatives-to-java-lang-reflect-proxy-for-creating-proxies-of-abstract-classes
> Would be nice if wicket would provide reusable blueprints for this, like it
> does for general authorization functionalities.
> It could have methods like isAuthorized before invoking get or set and log if
> not authorized and throw exception.
> When model access is authroized, it would have methods like logAccess() which
> will log (as necessary) how and what is accessed. Logging implementation will
> take care of optimizing frequent logs etc.
> Possibly it could be applied to both propertymodel and lamba model as a
> "model listener" or something.
> Proposals welcome, we will be submitting something soon.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
