WikiSecurityEvent is the WikiEvent subclass for security events: login/logout, wiki group adds/changes, and authorization decisions. When a WikiSecurityEvent is constructed, the security logger LOGGER is notified.
The WikiSecurityEvent types are as follows:
- When a user's attempts to log in as guest, via cookies, using a password or otherwise.
- When a user first accesses JSPWiki, but before logging in or setting a cookie.
- When a user sets a cookie to assert their identity.
- When a user authenticates with a username and password, or via container auth.
- When a login fails due to account expiration.
- When a login fails due to credential expiration.
- When a login fails due to wrong username or password.
- When a user logs out.
- When a session expires.
- When a new wiki group is added.
- When a wiki group is deleted.
- When all wiki groups are removed from GroupDatabase.
- When access to a resource is allowed.
- When access to a resource is denied.
- When a user profile is saved.
These events are logged with priority ERROR:
- login failed - bad credential or password
These events are logged with priority WARN:
- access denied
- login failed - credential expired
- login failed - account expired
These events are logged with priority INFO:
- login succeeded
These events are logged with priority DEBUG:
- access allowed
- add group
- remove group
- clear all groups
- add group member
- remove group member
- clear all members from group