WikiSecurityEvent is a sublass of WikiEvent for security events: login/logout, wiki group adds/changes, and authorization decisions. When a WikiSecurityEvent is constructed, the security logger is notified. It defines the event types as described below.

These events are logged with priority ERROR:

• login failed - bad credential or password : When a login fails due to wrong username or password.

These events are logged with priority WARN:

• login failed - credential expired : When a login fails due to credential expiration.
• login failed - account expired : When a login fails due to account expiration.

These events are logged with priority INFO:

• login authenticated : When a user authenticates with a username and password, or via container auth.
• logout : When a user logs out.
• session expired : When a session expires.
• user profile name changed : When a user profile name changes.

These events are not logged:

• access allowed : When access to a resource is allowed.
• access denied : When access to a resource is allowed.
• login initiated : When a user's attempts to log in as guest, via cookies, using a password or otherwise.
• login anonymous : When a user first accesses JSPWiki, but before logging in or setting a cookie.
• login asserted : When a user sets a cookie to assert their identity.
• user profile saved : When a user profile is saved.
• add group : When a new wiki group is added.
• remove group : When a wiki group is deleted.
• clear all groups : When all wiki groups are removed from GroupDatabase.

These events no longer exist:

• add group member : DESCRIPTION TBD
• remove group member : DESCRIPTION TBD
• clear all members from group : DESCRIPTION TBD