You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@isis.apache.org by "Martin Grigorov (JIRA)" <ji...@apache.org> on 2015/01/04 13:50:34 UTC
[jira] [Comment Edited] (ISIS-999) Provide a log to administrator
of which users logged in and logged out
[ https://issues.apache.org/jira/browse/ISIS-999?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14263846#comment-14263846 ]
Martin Grigorov edited comment on ISIS-999 at 1/4/15 12:49 PM:
---------------------------------------------------------------
If we log this information in the DB then there is no clustering issue.
This is how I see it:
- the new service will be looked up in org.apache.isis.viewer.wicket.viewer.integration.wicket.AuthenticatedWebSessionForIsis
- org.apache.isis.viewer.wicket.viewer.integration.wicket.AuthenticatedWebSessionForIsis#authenticate() will log "Account who has been logged."
- org.apache.isis.viewer.wicket.viewer.integration.wicket.AuthenticatedWebSessionForIsis#AuthenticatedWebSessionForIsis() will log "Date/Time the session has been started."
Note: we may want org.apache.wicket.session.ISessionStore.BindListener if we are interested in the actual creation of HttpSession
- org.apache.wicket.Session#onInvalidate() may be used to track "Date/Time the session has been ended (by the user or automatically due to inactivity, etc.)". If there RequestCycle ThreadLocal then it is triggered by the user, otherwise it is due to inactivity.
was (Author: mgrigorov):
If we log this information in the DB then there is no clustering issue.
This is how I see it:
- the new service will be looked up in org.apache.isis.viewer.wicket.viewer.integration.wicket.AuthenticatedWebSessionForIsis
- org.apache.isis.viewer.wicket.viewer.integration.wicket.AuthenticatedWebSessionForIsis#authenticate() will log "Account who has been logged."
- org.apache.isis.viewer.wicket.viewer.integration.wicket.AuthenticatedWebSessionForIsis#AuthenticatedWebSessionForIsis() will log "Date/Time the session has been started."
Note: we may want org.apache.wicket.session.ISessionStore.BindListener if we are interested in the actual creation of HttpSession
- org.apache.wicket.Session#onInvalidate() may be used to track "ate/Time the session has been ended (by the user or automatically due to inactivity, etc.)". If there RequestCycle ThreadLocal then it is triggered by the user, otherwise it is due to inactivity.
> Provide a log to administrator of which users logged in and logged out
> ----------------------------------------------------------------------
>
> Key: ISIS-999
> URL: https://issues.apache.org/jira/browse/ISIS-999
> Project: Isis
> Issue Type: New Feature
> Components: Core, Viewer: Wicket
> Affects Versions: viewer-wicket-1.7.0, core-1.7.0
> Reporter: Dan Haywood
> Assignee: Dan Haywood
> Fix For: viewer-wicket-1.9.0, core-1.9.0
>
>
> A log showing the following info (at least) must be available:
> * Account who has been logged.
> * Date/Time the session has been started.
> * Date/Time the session has been ended (by the user or automatically due to inactivity, etc.).
> ~~~
> Suggest that this be specified some sort of new optional service defined in the applib.
> If present, then on login and logout we can call this new optional service.
> I can imagine there being a requirement to surface this info in the UI, which probably means persisting to a database, ie some sort of new audit entity.
> Easiest option is to have the new service could be implemented by isisaddons' isis-module-security? Or perhaps a completely new isisaddon service if don't want to couple this?
> Not sure how to capture timeouts; is this info available through some sort of Wicket callback? Perhaps it should be done through a Quartz scheduler service, which can mark sessions as dead if not used for 15 minutes?
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)