[ https://issues.apache.org/jira/browse/WICKET-6508?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16467038#comment-16467038 ]
Sven Meier commented on WICKET-6508: ------------------------------------ For PropertyModels you could use a custom IPropertyLocator (see WICKET-5623) to do add some monitoring. > Automatically monitoring access to data objects (lambdamodels propertymodels) > in wicket gui > ------------------------------------------------------------------------------------------- > > Key: WICKET-6508 > URL: https://issues.apache.org/jira/browse/WICKET-6508 > Project: Wicket > Issue Type: New Feature > Components: wicket > Affects Versions: 8.0.0-M8 > Reporter: Martin Terra > Priority: Minor > Original Estimate: 8h > Remaining Estimate: 8h > > The [GDPR|https://www.eugdpr.org/] was approved by the EU Parliament on 14 > April 2016, and it brings strict requirements to monitoring and logging > things like data access (see also [GDPR – A PRACTICAL GUIDE FOR > DEVELOPERS|https://techblog.bozho.net/gdpr-practical-guide-developers/]). > We are investigating ways to automatically monitor and log access to data > objects in wicket gui. > Oldschool solutions would be, for example to override/customize PropertyModel > and montor target object and method invoked, and possibly result value, > together with necessary information from session (timestamp, user id, > authorization level, etc.). > However, with wicket 8 and java 8 lambda possibilities, I am wondering if > there would be some ingenious suggestion how to do this very nicely by > implementing own AuditTrailSerializableFunction or similar? > Might need to wrap the data objects in some sort of proxy but that would be > ok: > * https://gist.github.com/jhorstmann/de367a42a08d8deb8df9 > * > https://stackoverflow.com/questions/13356326/how-can-i-log-every-method-called-in-a-class-automatically-with-log4j > * > https://stackoverflow.com/questions/3291637/alternatives-to-java-lang-reflect-proxy-for-creating-proxies-of-abstract-classes > Would be nice if wicket would provide reusable blueprints for this, like it > does for general authorization functionalities. > It could have methods like isAuthorized before invoking get or set and log if > not authorized and throw exception. > When model access is authroized, it would have methods like logAccess() which > will log (as necessary) how and what is accessed. Logging implementation will > take care of optimizing frequent logs etc. > Possibly it could be applied to both propertymodel and lamba model as a > "model listener" or something. > Proposals welcome, we will be submitting something soon. -- This message was sent by Atlassian JIRA (v7.6.3#76005)