[MAGNOLIA-2833] Audit login and logout operations in Context to keep them independent of actual execution environment Created: 05/Aug/09  Updated: 04/Nov/15  Resolved: 04/Nov/15

Status: Closed
Project: Magnolia
Component/s: security
Affects Version/s: 4.1
Fix Version/s: None

Type: Improvement Priority: Major
Reporter: Jan Haderka Assignee: Philipp Bärfuss
Resolution: Won't Do Votes: 0
Labels: maintenance, quickwin, security
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
relation
is related to MAGNOLIA-2826 Audit logs a "logout" action as being... Closed
is related to MAGNOLIA-2730 Reimplement audit and security using ... Closed

 Description   

Currently, auditing of login/logout operations is done in appropriate filters, which works fine as long as Magnolia is accessed over the web. The auditing should be moved to the context, and more concretely to the UserContextImpl, to ensure it is always called even if Magnolia is accessed by means other than the web. This is currently not possible as UserContextImpl.logout() is never called from its children. A possible solution is to have the method refactored and, together with the login() method, made final to ensure no child can override the audit call from within those methods. The extending classes should then be allowed to perform custom operations on login/logout by implementing onLogin() and onLogout() methods, which will be called from login()/logout() respectively.
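
A sketch of the final login()/logout() plus onLogin()/onLogout() hook arrangement described above, added here as an illustration; it is not Magnolia code and not part of the original issue. All class names, the in-memory audit list and the sample user are hypothetical, and the hook signatures are assumptions.

```java
import java.util.ArrayList;
import java.util.List;

// Hypothetical names throughout; this is not Magnolia's UserContextImpl or audit API.
public class AuditedContextDemo {

    /** Constructed stand-in for an audit log. */
    static final List<String> AUDIT = new ArrayList<>();

    static abstract class AuditedUserContext {
        private String user;

        // final: a subclass cannot override these and skip the audit record.
        public final void login(String userName) {
            boolean ok = false;
            try {
                onLogin(userName);
                this.user = userName;
                ok = true;
            } finally {
                // Written even when the hook throws, so failed logins are audited too.
                AUDIT.add("login user=" + userName + " ok=" + ok);
            }
        }

        public final void logout() {
            String who = user;
            try {
                onLogout(who);
            } finally {
                user = null;
                AUDIT.add("logout user=" + who);
            }
        }

        // Extension points for environment-specific work; no-ops by default.
        protected void onLogin(String userName) {}
        protected void onLogout(String userName) {}
    }

    /** A context used outside the servlet filter chain, e.g. a scheduled job. */
    static class BatchJobContext extends AuditedUserContext {
        @Override protected void onLogin(String userName) {
            if (userName == null || userName.isEmpty()) throw new IllegalArgumentException("no user");
        }
    }

    public static void main(String[] args) {
        AuditedUserContext ctx = new BatchJobContext();
        ctx.login("constructed-user");
        ctx.logout();
        try { ctx.login(""); } catch (IllegalArgumentException expected) {}
        AUDIT.forEach(System.out::println);
    }
}
```

Because the audit write sits in the base class and the public methods are final, every entry path that goes through the context is recorded, whether or not a web filter ran.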



 Comments   
Comment by Michael Mühlebach [ 04/Nov/15 ]

Given the thousands of other issues we have open that are more highly requested, we won't be able to address this issue in the foreseeable future. Instead we will focus on issues with a higher impact, and more votes.
Thanks for taking the time to raise this issue. As you are no doubt aware this issue has been on our backlog for some time now with very little movement.
I'm going to close this to set expectations so the issue doesn't stay open for years with few updates. If the issue is still relevant please feel free to reopen it or create a new issue.

Generated at Mon Feb 12 03:40:33 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.