SecurityListener should be notified when an ACL check is denied. If it can be done efficiently, it should also be notified when an ACL check is granted. This would allow a listener to determine which permissions are being used by whom on what.
- depends on
-
JENKINS-20999 Extension point for tracking login-related events
-
- Resolved
-
I.e., logging when a AccessDeniedException is thrown (mainly from ACL.checkPermission), and/or caught at top level (ExceptionTranslationFilter.handleException).