Skip to:

  1. Skip to Jira Navigation
  2. Skip to Side Navigation
  3. Skip to Main Content

Add Hooks for Java Event Listeners

Description

Allowing to add Event Handlers in Java will open a whole new set of possibilities when it comes to security, monitoring, and session management.

The proposal is to allow a Java application to subscribe to events with a callback method, which Lucee will call with a `java.util.Map` with more information. A return value will indicate to Lucee whether to continue as usual or not.

For example, the Java Interface for the callback will be something like:

interface LuceeEventHandler { boolean handleEvent(Map details); }

Then Lucee will allow to subscribe to events like RequestStart, RequestEnd, SessionStart, SessionEnd, etc.

LuceeEngine.addEventListener( "RequestStart", myEventHandler );

So now you can write an event handler that will inspect the CGI scope and kill the request if it concludes that this is a hacking probe. Obviously this will run much much faster than an equivalent CFML implementation, and can run before a Session object is initialized in the case of a Request, or construct the Session object in case of a SessionStart listener.

It opens up many new possibilities.

Activity

Show:

Pete Freitag 8 March 2018 at 15:37

Any update on this?

I've looked at the RequestMonitor and ActionMonitor but they are only logging the event after the fact - I'd like to hook in before it executes in both cases.

Brad Wood 29 January 2016 at 17:27

I'll try to add this to the Lang discussion as well, but so I don't forget-- I have two suggestions regarding event listeners inspired by features of ColdBox interceptors. They might be nice to work into the design.

  1. Allow CFML application code to define custom events that can be broadcast and listened to from the "Java" side (or CFML) in addition to the standard application lifecycle events. Ex: "orderCreated".

  2. Allow CFML application code to attach event listeners at runtime without needing to extend application.cfc. This would be useful for frameworks like ColdBox that allows users to respond to application lifecycle events with their application's controllers. Currently it is necessary to either extend Application.cfc, or provide a lot of boilerplate.

These two features would need some sort of BIF or object (with methods) by which to register listeners and announce events.

Brad Wood 27 January 2016 at 20:33

Discussed in TAG meeting. Setting to public consultation. Micha will help document the existing mechanism in the Lang forum and we'll discuss a more specific implementation that is based on what we already have.

Michael Offner 18 January 2016 at 17:33

i only point out what we already have ..., then whatever we do it should be based on the same backend ...

Igal Sapir 16 January 2016 at 00:39

You are favoring a very limited, un-intuitive, API just because it's there (and please note that maybe one developer in the world have used it winking face) while I am proposing an expanded API that will allow endless possibilities.

Details

Assignee

Reporter

Labels

New Issue warning screen

Before you create a new Issue, please post to the mailing list first https://dev.lucee.org

Once the issue has been verified, one of the Lucee team will ask you to file an issue

Priority

Created 14 December 2015 at 19:20
Updated 8 January 2022 at 16:13

Flag notifications