[CMS-14233] Log the 'login successful' event after authorization - Issues

XML

Word

Printable

Details

Type: Improvement
Status: Closed
Priority: Normal
Resolution: Fixed
Affects Version/s: 14.3.3
Fix Version/s: 14.5.0
Component/s: cms
Labels:
- client-service-team

Flagged:

Flagged

Description

If some user tries to log into the CMS, authenticates correctly but is not authorized, there is still a 'login successful' event which is visible for other users in the activity stream.

We could mitigate this by logging the 'login successful' event after authorization and also maybe renaming the current event (and not showing it in the activity stream).

See org.hippoecm.frontend.session.PluginUserSession#login() which calls #checkApplicationPermission and org.hippoecm.frontend.model.JcrSessionModel#load and #flush

Attachments

Activity

People

Assignee:: Client Service Team

Reporter:: Jeroen Hoffman

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 20/Nov/20 3:11 PM

Updated:: 19/Feb/21 3:04 PM

Resolved:: 18/Feb/21 3:22 PM