Audit login and logout operations in Context to keep them independent of actual
execution environment
-----------------------------------------------------------------------------------------------------
Key: MAGNOLIA-2833
URL: http://jira.magnolia-cms.com/browse/MAGNOLIA-2833
Project: Magnolia
Issue Type: Improvement
Components: security
Affects Versions: 4.1
Reporter: Jan Haderka
Assignee: Philipp Bärfuss
Currently, auditing of login/logout operations is done in appropriate filters
which works fine as long as Magnolia is accessed over the web. The auditing
should be moved to the context and more concretely to the {{UserContextImpl}}
to ensure it is always called even if accessing Magnolia from by other means
then over the web. This is currently not possible as
{{UserContentxImpl.logout()}} is never called from its children. Possible
solution is to have method refactored and together with the {{login()}} method
made final to ensure no child can override the audit call from within those
methods. The extending classes should be then allowed to perform custom
operations on login/logout by implementing {{onLogin()}} and {{onLogout()}}
methods which will be called from {{login()}}/{{logout()}} respectively.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.magnolia-cms.com/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
----------------------------------------------------------------
For list details see
http://www.magnolia-cms.com/home/community/mailing-lists.html
To unsubscribe, E-mail to: <dev-list-unsubscr...@magnolia-cms.com>
----------------------------------------------------------------
