[jira] [Commented] (ISIS-999) Provide a log to administrator of which users logged in and logged out

Fri, 16 Jan 2015 00:52:32 -0800 

    [ 
https://issues.apache.org/jira/browse/ISIS-999?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14279989#comment-14279989
 ] 

ASF subversion and git services commented on ISIS-999:
------------------------------------------------------

Commit e40e263a2c6f8b93bdf457d1a2520b0d855ad276 in isis's branch 
refs/heads/master from [~mgrigorov]
[ https://git-wip-us.apache.org/repos/asf?p=isis.git;h=e40e263 ]

ISIS-999 Store session identifier with the log entry

This it will be possible to corelate login with logout events for the same 
session. And reduces the records by two.

Uses System#identityHashCode() to get an idetifier instead of Session#getId() 
to prevent using 'null' as id or to (re-)bind a real http session by accident


> Provide a log to administrator of which users logged in and logged out
> ----------------------------------------------------------------------
>
>                 Key: ISIS-999
>                 URL: https://issues.apache.org/jira/browse/ISIS-999
>             Project: Isis
>          Issue Type: New Feature
>          Components: Core, Viewer: Wicket
>    Affects Versions: viewer-wicket-1.7.0, core-1.7.0
>            Reporter: Dan Haywood
>            Assignee: Martin Grigorov
>             Fix For: viewer-wicket-1.9.0, core-1.9.0
>
>
> A log showing the following info (at least) must be available:
> * Account who has been logged.
> * Date/Time the session has been started.
> * Date/Time the session has been ended (by the user or automatically due to 
> inactivity, etc.).
> ~~~
> Suggest that this be specified some sort of new optional service defined in 
> the applib.
> If present, then on login and logout we can call this new optional service.
> I can imagine there being a requirement to surface this info in the UI, which 
> probably means persisting to a database, ie some sort of new audit entity.
> Easiest option is to have the new service could be implemented by isisaddons' 
> isis-module-security?  Or perhaps a completely new isisaddon service if don't 
> want to couple this?  
> Not sure how to capture timeouts; is this info available through some sort of 
> Wicket callback?  Perhaps it should be done through a Quartz scheduler 
> service, which can mark sessions as dead if not used for 15 minutes?



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to