[ https://issues.apache.org/jira/browse/WICKET-6508?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Martin Makundi updated WICKET-6508: ----------------------------------- Summary: Automatically logging access to data objects (lambdamodels propertymodels) in wicket gui (was: Automatically logging access to data objects (lambdamodels) in wicket gui) > Automatically logging access to data objects (lambdamodels propertymodels) in > wicket gui > ---------------------------------------------------------------------------------------- > > Key: WICKET-6508 > URL: https://issues.apache.org/jira/browse/WICKET-6508 > Project: Wicket > Issue Type: New Feature > Components: wicket > Affects Versions: 8.0.0-M8 > Reporter: Martin Makundi > Original Estimate: 8h > Remaining Estimate: 8h > > The [GDPR|https://www.eugdpr.org/] was approved by the EU Parliament on 14 > April 2016, and it brings strict requirements to logging things like data > access. > We are investigating ways to automatically log access to data objects in > wicket gui. > Oldschool solutions would be, for example to override/customize PropertyModel > and log target object and method invoked, and possibly result value, together > with necessary information from session (timestamp, user id, authorization > level, etc.). > However, with wicket 8 and java 8 lambda possibilities, I am wondering if > there would be some ingenious suggestion how to do this very nicely by > implementing own AuditTrailSerializableFunction or similar? > Might need to wrap the data objects in some sort of proxy but that would be > ok: > * https://gist.github.com/jhorstmann/de367a42a08d8deb8df9 > * > https://stackoverflow.com/questions/13356326/how-can-i-log-every-method-called-in-a-class-automatically-with-log4j > * > https://stackoverflow.com/questions/3291637/alternatives-to-java-lang-reflect-proxy-for-creating-proxies-of-abstract-classes > Would be nice if wicket would provide reusable blueprints for this, like it > does for general authorization functionalities. > It could have methods like isAuthorized before invoking get or set and log if > not authorized and throw exception. > When model access is authroized, it would have methods like logAccess() which > will log (as necessary) how and what is accessed. Logging implementation will > take care of optimizing frequent logs etc. > Possibly it could be applied to both propertymodel and lamba model as a > "model listener" or something. > Proposals welcome, we will be submitting something soon. -- This message was sent by Atlassian JIRA (v6.4.14#64029)