You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@wicket.apache.org by "Martin Makundi (JIRA)" <ji...@apache.org> on 2017/12/15 13:26:00 UTC

[jira] [Created] (WICKET-6508) Automatically logging access to data objects (lambdamodels) in wicket gui

Martin Makundi created WICKET-6508:
--------------------------------------

             Summary: Automatically logging access to data objects (lambdamodels) in wicket gui
                 Key: WICKET-6508
                 URL: https://issues.apache.org/jira/browse/WICKET-6508
             Project: Wicket
          Issue Type: New Feature
          Components: wicket
    Affects Versions: 8.0.0-M8
            Reporter: Martin Makundi


The [GDPR|https://www.eugdpr.org/] was approved by the EU Parliament on 14 April 2016, and it brings strict requirements to logging things like data access.

We are investigating ways to automatically log access to data objects in wicket gui.

Oldschool solutions would be, for example to override/customize PropertyModel and log target object and method invoked, and possibly result value, together with necessary information from session (timestamp, user id, authorization level, etc.).

However, with wicket 8 and java 8 lambda possibilities, I am wondering if there would be  some ingenious suggestion how to do this very nicely by implementing own AuditTrailSerializableFunction or similar?

Might need to wrap the data objects in some sort of proxy but that would be ok:
* https://gist.github.com/jhorstmann/de367a42a08d8deb8df9
* https://stackoverflow.com/questions/13356326/how-can-i-log-every-method-called-in-a-class-automatically-with-log4j
* https://stackoverflow.com/questions/3291637/alternatives-to-java-lang-reflect-proxy-for-creating-proxies-of-abstract-classes

Would be nice if wicket would provide reusable blueprints for this, like it does for general authorization functionalities.

It could have methods like isAuthorized before invoking get or set and log if not authorized and throw exception. 

When model access is authroized, it would have methods like logAccess() which will log (as necessary) how and what is accessed. Logging implementation will take care of optimizing frequent logs etc.

Possibly it could be applied to both propertymodel and lamba model as a "model behavior" or something.


Proposals welcome, we will be submitting something soon.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)