[jira] [Reopened] (ISIS-999) Provide a log to administrator of which users logged in and logged out

Wed, 21 Jan 2015 14:01:50 -0800 

     [ 
https://issues.apache.org/jira/browse/ISIS-999?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Martin Grigorov reopened ISIS-999:
----------------------------------

Session invalidation leads to:

java.lang.NullPointerException
        at 
org.apache.isis.viewer.wicket.viewer.integration.wicket.AuthenticatedWebSessionForIsis.onInvalidate(AuthenticatedWebSessionForIsis.java:97)
        at 
org.apache.wicket.session.HttpSessionStore$SessionBindingListener.valueUnbound(HttpSessionStore.java:471)
        at 
org.mortbay.jetty.servlet.AbstractSessionManager$Session.unbindValue(AbstractSessionManager.java:1129)
        at 
org.mortbay.jetty.servlet.AbstractSessionManager$Session.doInvalidate(AbstractSessionManager.java:969)
        at 
org.mortbay.jetty.servlet.AbstractSessionManager$Session.timeout(AbstractSessionManager.java:927)

We don't really need the username at that time.

> Provide a log to administrator of which users logged in and logged out
> ----------------------------------------------------------------------
>
>                 Key: ISIS-999
>                 URL: https://issues.apache.org/jira/browse/ISIS-999
>             Project: Isis
>          Issue Type: New Feature
>          Components: Core, Viewer: Wicket
>    Affects Versions: viewer-wicket-1.7.0, core-1.7.0
>            Reporter: Dan Haywood
>            Assignee: Martin Grigorov
>             Fix For: viewer-wicket-1.8.0, core-1.8.0
>
>
> A log showing the following info (at least) must be available:
> * Account who has been logged.
> * Date/Time the session has been started.
> * Date/Time the session has been ended (by the user or automatically due to 
> inactivity, etc.).
> ~~~
> Suggest that this be specified some sort of new optional service defined in 
> the applib.
> If present, then on login and logout we can call this new optional service.
> I can imagine there being a requirement to surface this info in the UI, which 
> probably means persisting to a database, ie some sort of new audit entity.
> Easiest option is to have the new service could be implemented by isisaddons' 
> isis-module-security?  Or perhaps a completely new isisaddon service if don't 
> want to couple this?  
> Not sure how to capture timeouts; is this info available through some sort of 
> Wicket callback?  Perhaps it should be done through a Quartz scheduler 
> service, which can mark sessions as dead if not used for 15 minutes?



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to