WikiSecurityEvent is a sublass of WikiEvent for security events: login/logout, wiki group adds/changes, and authorization decisions. When a WikiSecurityEvent is constructed, the security logger is notified. It defines the event types as described below.
These events are logged with priority ERROR:
- login failed - bad credential or password : When a login fails due to wrong username or password.
These events are logged with priority WARN:
- login failed - credential expired : When a login fails due to credential expiration.
- login failed - account expired : When a login fails due to account expiration.
These events are logged with priority INFO:
- login authenticated : When a user authenticates with a username and password, or via container auth.
- logout : When a user logs out.
- session expired : When a session expires.
- user profile name changed : When a user profile name changes.
These events are not logged:
- access allowed : When access to a resource is allowed.
- access denied : When access to a resource is allowed.
- login initiated : When a user's attempts to log in as guest, via cookies, using a password or otherwise.
- login anonymous : When a user first accesses JSPWiki, but before logging in or setting a cookie.
- login asserted : When a user sets a cookie to assert their identity.
- user profile saved : When a user profile is saved.
- add group : When a new wiki group is added.
- remove group : When a wiki group is deleted.
- clear all groups : When all wiki groups are removed from GroupDatabase.
These events no longer exist:
- add group member : DESCRIPTION TBD
- remove group member : DESCRIPTION TBD
- clear all members from group : DESCRIPTION TBD
Add new attachment
Only authorized users are allowed to upload new attachments.