You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@isis.apache.org by "Martin Grigorov (JIRA)" <ji...@apache.org> on 2015/01/21 23:01:34 UTC

[jira] [Reopened] (ISIS-999) Provide a log to administrator of which users logged in and logged out

     [ https://issues.apache.org/jira/browse/ISIS-999?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Martin Grigorov reopened ISIS-999:
----------------------------------

Session invalidation leads to:

java.lang.NullPointerException
	at org.apache.isis.viewer.wicket.viewer.integration.wicket.AuthenticatedWebSessionForIsis.onInvalidate(AuthenticatedWebSessionForIsis.java:97)
	at org.apache.wicket.session.HttpSessionStore$SessionBindingListener.valueUnbound(HttpSessionStore.java:471)
	at org.mortbay.jetty.servlet.AbstractSessionManager$Session.unbindValue(AbstractSessionManager.java:1129)
	at org.mortbay.jetty.servlet.AbstractSessionManager$Session.doInvalidate(AbstractSessionManager.java:969)
	at org.mortbay.jetty.servlet.AbstractSessionManager$Session.timeout(AbstractSessionManager.java:927)

We don't really need the username at that time.

> Provide a log to administrator of which users logged in and logged out
> ----------------------------------------------------------------------
>
>                 Key: ISIS-999
>                 URL: https://issues.apache.org/jira/browse/ISIS-999
>             Project: Isis
>          Issue Type: New Feature
>          Components: Core, Viewer: Wicket
>    Affects Versions: viewer-wicket-1.7.0, core-1.7.0
>            Reporter: Dan Haywood
>            Assignee: Martin Grigorov
>             Fix For: viewer-wicket-1.8.0, core-1.8.0
>
>
> A log showing the following info (at least) must be available:
> * Account who has been logged.
> * Date/Time the session has been started.
> * Date/Time the session has been ended (by the user or automatically due to inactivity, etc.).
> ~~~
> Suggest that this be specified some sort of new optional service defined in the applib.
> If present, then on login and logout we can call this new optional service.
> I can imagine there being a requirement to surface this info in the UI, which probably means persisting to a database, ie some sort of new audit entity.
> Easiest option is to have the new service could be implemented by isisaddons' isis-module-security?  Or perhaps a completely new isisaddon service if don't want to couple this?  
> Not sure how to capture timeouts; is this info available through some sort of Wicket callback?  Perhaps it should be done through a Quartz scheduler service, which can mark sessions as dead if not used for 15 minutes?



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)