This module, intended for use within Apache Isis, provides an implementation of Isis'
SessionLoggingService API that persists audit entries using Isis' own (JDO) objectstore. Typically this will be to a
relational database; the module’s SessionLogEntry entity is mapped to the "IsisSessionLogEntry" table.
The sessionlogger module automatically creates log entries whenever a user logs on or logs out. The currently logged on users of the application (that is: those for whom there is a valid non-expired HTTP session) can be found from the activity menu:
In the screenshot below there are two currently active users:
The module also allows current and previously active sessions to be searched for:
The list of sessions can optionally be filtered by user and date range:
returning matching sessions:
The prerequisite software is:
-
Java JDK 8 (>= 1.9.0) or Java JDK 7 (>= 1.8.0)
-
note that the compile source and target remains at JDK 7
-
-
maven 3 (3.2.x is recommended).
To build the demo app:
git clone https://github.com/isisaddons/isis-module-audit.git
mvn clean installTo run the demo app:
cd webapp
mvn jetty:runThen log on using user: sven, password: pass
You can either use this module "out-of-the-box", or you can fork this repo and extend to your own requirements.
To use "out-of-the-box":
-
update your classpath by adding this dependency in your project’s
dommodule’spom.xml:
<dependency>
<groupId>org.isisaddons.module.sessionlogger</groupId>
<artifactId>isis-module-sessionlogger-dom</artifactId>
<version>1.14.0</version>
</dependency>Remaining steps to configure:
-
if using
AppManifest, then update itsgetModules()method:@Override public List<Class<?>> getModules() { return Arrays.asList( ... org.isisaddons.module.sessionlogger.SessionLoggerModule.class, ... ); }
-
otherwise, update your
WEB-INF/isis.properties:isis.services-installer=configuration-and-annotation isis.services.ServicesInstallerFromAnnotation.packagePrefix=\ ...,\ org.isisaddons.module.sessionlogger.dom,\ ...
Notes:
-
Check for releases by searching Maven Central Repo.
-
The
SessionLoggingServiceMenuservice is optional but recommended; see below for more information.
If you want to use the current -SNAPSHOT, then the steps are the same as above, except:
-
when updating the classpath, specify the appropriate -SNAPSHOT version:
<version>1.15.0-SNAPSHOT</version>
-
add the repository definition to pick up the most recent snapshot (we use the Cloudbees continuous integration service). We suggest defining the repository in a
<profile>:<profile> <id>cloudbees-snapshots</id> <activation> <activeByDefault>true</activeByDefault> </activation> <repositories> <repository> <id>snapshots-repo</id> <url>http://repository-estatio.forge.cloudbees.com/snapshot/</url> <releases> <enabled>false</enabled> </releases> <snapshots> <enabled>true</enabled> </snapshots> </repository> </repositories> </profile>
If instead you want to extend this module’s functionality, then we recommend that you fork this repo. The repo is structured as follows:
-
pom.xml- parent pom -
dom- the module implementation, depends on Isis applib -
fixture- fixtures, holding a sample domain objects and fixture scripts; depends ondom -
integtests- integration tests for the module; depends onfixture -
webapp- demo webapp (see above screenshots); depends ondomandfixture
Only the dom project is released to Maven Central Repo. The versions of the other modules are purposely left at
0.0.1-SNAPSHOT because they are not intended to be released.
The SessionLoggingService defines the following API:
public interface SessionLoggingService {
public enum Type {
LOGIN,
LOGOUT
}
public enum CausedBy {
USER,
SESSION_EXPIRATION,
RESTART
}
void log(Type type, String username, Date date, CausedBy causedBy);
}The framework will automatically call the log(…) method on the service implementation if configured to run the Wicket viewer.
|
Note
|
The framework only ever calls The "RESTART" value is provided for implementations (such as the (non-ASF) Isis addons' sessionlogger module) which automatically "tidy-up" and mark as complete and sessions that were in-progress if the webserver is restarted. |
The SessionLoggingService API is implemented in this module by the org.isisaddons.module.sessionlogger.SessionLoggingServiceDefault class.
This implementation simply inserts a session log entry (SessionLogEntry) when either a user logs on, logs out or if
their session expires.
The SessionLogEntry properties directly correspond to parameters of the SessionLoggingService log() API:
public class SessionLogEntry
...
private String sessionId; // (1)
private String username; // (2)
private SessionLoggingService.Type type; // (3)
private Timestamp loginTimestamp; // (4)
private Timestamp logoutTimestamp; // (5)
private SessionLoggingService.CausedBy causedBy; // (6)
...
}-
sessionIdidentifies the user’s session. Primary key. (Note: it is not the http session id!) -
usernameidentifies the user that has logged in/out -
typedetermines whether this was a login or logout. -
loginTimestampis the date that the login of the session event occurred -
logoutTimestampis the date that the logout of the session event occurred -
`causedBy`indicates whether the session was logged out due to explicit user action, by session expiry, or by the server restarting
The SessionLogEntry entity is designed such that it can be rendered on an Isis user interface if required.
As well as the SessionLoggingServiceDefault service (that implements the SessionLoggingService API), the module
also provides two further domain services:
-
SessionLogEntryRepositoryprovides the ability to search for persisted (SessionLogEntry) entries. None of its actions are visible in the user interface (they are all@Programmatic) and so this service is automatically registered. -
SessionLoggingServiceMenuprovides the secondary "Activity" menu for listing all active sessions and for searching for session entries by user and by date.
The SessionLoggingServiceMenu is automatically registered as a domain service; as such its actions will appear in the
user interface. If this is not required, then either use security permissions or write a vetoing subscriber on the
event bus to hide this functionality, eg:
@DomainService(nature = NatureOfService.DOMAIN)
public class HideIsisAddonsSessionLoggerFunctionality extends AbstractSubscriber {
@Subscribe
public void on(final SessionLoggerModule.ActionDomainEvent<?> event) { event.hide(); }
}There is some overlap with the`AuditingService3` API, which audits changes to entities by end-users. Implementations of this service are referenced by the Isis Add-ons website.
-
1.14.0- released against Isis 1.14.0 -
1.13.1- released against Isis 1.13.0, fixes ticket #7 -
1.13.0- released against Isis 1.13.0 -
1.12.1- released against Isis 1.12.1, updating to current programming model. -
1.12.0- released against Isis 1.12.0 -
1.11.0- released against Isis 1.11.0 -
1.10.0- released against Isis 1.10.0 -
1.9.0- released against Isis 1.9.0 -
1.8.2- released against Isis 1.8.0 -
1.8.1- released against Isis 1.8.0; further CI grief. -
1.8.0- released against Isis 1.8.0; dom module OK, but problem with CI/support files
Copyright 2015-2016 Martin Grigorov & Dan Haywood
Licensed under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.There are no third-party dependencies, however it does use icons from icons8.com.
Only the dom module is deployed, and is done so using Sonatype’s OSS support (see
user guide).
To deploy a snapshot, use:
pushd dom
mvn clean deploy
popdThe artifacts should be available in Sonatype’s Snapshot Repo.
If you have commit access to this project (or a fork of your own) then you can create interim releases using the interim-release.sh script.
The idea is that this will - in a new branch - update the dom/pom.xml with a timestamped version (eg 1.14.0.20170227-0738).
It then pushes the branch (and a tag) to the specified remote.
A CI server such as Jenkins can monitor the branches matching the wildcard origin/interim/* and create a build.
These artifacts can then be published to a snapshot repository.
For example:
sh interim-release.sh 1.14.0 originwhere
-
1.15.0is the base release -
originis the name of the remote to which you have permissions to write to.
The release.sh script automates the release process. It performs the following:
-
performs a sanity check (
mvn clean install -o) that everything builds ok -
bumps the
pom.xmlto a specified release version, and tag -
performs a double check (
mvn clean install -o) that everything still builds ok -
releases the code using
mvn clean deploy -
bumps the
pom.xmlto a specified release version
For example:
sh release.sh 1.14.0 \
1.15.0-SNAPSHOT \
dan@haywood-associates.co.uk \
"this is not really my passphrase"where
* $1 is the release version
* $2 is the snapshot version
* $3 is the email of the secret key (~/.gnupg/secring.gpg) to use for signing
* $4 is the corresponding passphrase for that secret key.
Other ways of specifying the key and passphrase are available, see the `pgp-maven-plugin’s documentation).
If the script completes successfully, then push changes:
git push origin master && git push origin 1.14.0If the script fails to complete, then identify the cause, perform a git reset --hard to start over and fix the issue
before trying again. Note that in the dom’s `pom.xml the nexus-staging-maven-plugin has the
autoReleaseAfterClose setting set to true (to automatically stage, close and the release the repo). You may want
to set this to false if debugging an issue.
According to Sonatype’s guide, it takes about 10 minutes to sync, but up to 2 hours to update search.