[
https://issues.apache.org/jira/browse/WICKET-6508?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Martin Makundi updated WICKET-6508:
-----------------------------------
Summary: Automatically logging access to data objects (lambdamodels
propertymodels) in wicket gui (was: Automatically logging access to data
objects (lambdamodels) in wicket gui)
> Automatically logging access to data objects (lambdamodels propertymodels) in
> wicket gui
> ----------------------------------------------------------------------------------------
>
> Key: WICKET-6508
> URL: https://issues.apache.org/jira/browse/WICKET-6508
> Project: Wicket
> Issue Type: New Feature
> Components: wicket
> Affects Versions: 8.0.0-M8
> Reporter: Martin Makundi
> Original Estimate: 8h
> Remaining Estimate: 8h
>
> The [GDPR|https://www.eugdpr.org/] was approved by the EU Parliament on 14
> April 2016, and it brings strict requirements to logging things like data
> access.
> We are investigating ways to automatically log access to data objects in
> wicket gui.
> Oldschool solutions would be, for example to override/customize PropertyModel
> and log target object and method invoked, and possibly result value, together
> with necessary information from session (timestamp, user id, authorization
> level, etc.).
> However, with wicket 8 and java 8 lambda possibilities, I am wondering if
> there would be some ingenious suggestion how to do this very nicely by
> implementing own AuditTrailSerializableFunction or similar?
> Might need to wrap the data objects in some sort of proxy but that would be
> ok:
> * https://gist.github.com/jhorstmann/de367a42a08d8deb8df9
> *
> https://stackoverflow.com/questions/13356326/how-can-i-log-every-method-called-in-a-class-automatically-with-log4j
> *
> https://stackoverflow.com/questions/3291637/alternatives-to-java-lang-reflect-proxy-for-creating-proxies-of-abstract-classes
> Would be nice if wicket would provide reusable blueprints for this, like it
> does for general authorization functionalities.
> It could have methods like isAuthorized before invoking get or set and log if
> not authorized and throw exception.
> When model access is authroized, it would have methods like logAccess() which
> will log (as necessary) how and what is accessed. Logging implementation will
> take care of optimizing frequent logs etc.
> Possibly it could be applied to both propertymodel and lamba model as a
> "model listener" or something.
> Proposals welcome, we will be submitting something soon.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
