You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@isis.apache.org by "Martin Grigorov (JIRA)" <ji...@apache.org> on 2015/01/21 23:01:34 UTC
[jira] [Reopened] (ISIS-999) Provide a log to administrator of
which users logged in and logged out
[ https://issues.apache.org/jira/browse/ISIS-999?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Martin Grigorov reopened ISIS-999:
----------------------------------
Session invalidation leads to:
java.lang.NullPointerException
at org.apache.isis.viewer.wicket.viewer.integration.wicket.AuthenticatedWebSessionForIsis.onInvalidate(AuthenticatedWebSessionForIsis.java:97)
at org.apache.wicket.session.HttpSessionStore$SessionBindingListener.valueUnbound(HttpSessionStore.java:471)
at org.mortbay.jetty.servlet.AbstractSessionManager$Session.unbindValue(AbstractSessionManager.java:1129)
at org.mortbay.jetty.servlet.AbstractSessionManager$Session.doInvalidate(AbstractSessionManager.java:969)
at org.mortbay.jetty.servlet.AbstractSessionManager$Session.timeout(AbstractSessionManager.java:927)
We don't really need the username at that time.
> Provide a log to administrator of which users logged in and logged out
> ----------------------------------------------------------------------
>
> Key: ISIS-999
> URL: https://issues.apache.org/jira/browse/ISIS-999
> Project: Isis
> Issue Type: New Feature
> Components: Core, Viewer: Wicket
> Affects Versions: viewer-wicket-1.7.0, core-1.7.0
> Reporter: Dan Haywood
> Assignee: Martin Grigorov
> Fix For: viewer-wicket-1.8.0, core-1.8.0
>
>
> A log showing the following info (at least) must be available:
> * Account who has been logged.
> * Date/Time the session has been started.
> * Date/Time the session has been ended (by the user or automatically due to inactivity, etc.).
> ~~~
> Suggest that this be specified some sort of new optional service defined in the applib.
> If present, then on login and logout we can call this new optional service.
> I can imagine there being a requirement to surface this info in the UI, which probably means persisting to a database, ie some sort of new audit entity.
> Easiest option is to have the new service could be implemented by isisaddons' isis-module-security? Or perhaps a completely new isisaddon service if don't want to couple this?
> Not sure how to capture timeouts; is this info available through some sort of Wicket callback? Perhaps it should be done through a Quartz scheduler service, which can mark sessions as dead if not used for 15 minutes?
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)