Audit login and logout operations in Context to keep them independent of actual execution environment -----------------------------------------------------------------------------------------------------
Key: MAGNOLIA-2833 URL: http://jira.magnolia-cms.com/browse/MAGNOLIA-2833 Project: Magnolia Issue Type: Improvement Components: security Affects Versions: 4.1 Reporter: Jan Haderka Assignee: Philipp Bärfuss Currently, auditing of login/logout operations is done in appropriate filters which works fine as long as Magnolia is accessed over the web. The auditing should be moved to the context and more concretely to the {{UserContextImpl}} to ensure it is always called even if accessing Magnolia from by other means then over the web. This is currently not possible as {{UserContentxImpl.logout()}} is never called from its children. Possible solution is to have method refactored and together with the {{login()}} method made final to ensure no child can override the audit call from within those methods. The extending classes should be then allowed to perform custom operations on login/logout by implementing {{onLogin()}} and {{onLogout()}} methods which will be called from {{login()}}/{{logout()}} respectively. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.magnolia-cms.com/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira ---------------------------------------------------------------- For list details see http://www.magnolia-cms.com/home/community/mailing-lists.html To unsubscribe, E-mail to: <dev-list-unsubscr...@magnolia-cms.com> ----------------------------------------------------------------