Index: lams_admin/web/WEB-INF/web.xml
===================================================================
diff -u -rae24f0804dbf85a1a8ecca3c2700be61de7ffdd7 -rea3eb45a90b898583f0846acd6cb113344863708
--- lams_admin/web/WEB-INF/web.xml (.../web.xml) (revision ae24f0804dbf85a1a8ecca3c2700be61de7ffdd7)
+++ lams_admin/web/WEB-INF/web.xml (.../web.xml) (revision ea3eb45a90b898583f0846acd6cb113344863708)
@@ -75,6 +75,10 @@
+ SecurityLogFilter
+ org.lamsfoundation.lams.web.filter.SecurityLogFilter
+
+
CSRFGuard
org.owasp.csrfguard.CsrfGuardFilter
@@ -92,6 +96,10 @@
/*
+ SecurityLogFilter
+ *.do
+
+
CSRFGuard
*.do
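Review bot: The new filter-mapping registers SecurityLogFilter for `*.do` only, mirroring the CSRFGuard mapping below it, while the `/*` context line just above shows at least one other filter in this module covers every path; requests to non-action paths will therefore not reach the security log (the element tags appear stripped in this rendering, so this is read from the url-pattern values alone). If that narrower scope is intentional, a short comment beside the mapping would keep the next maintainer from widening or narrowing it by accident, e.g. `<!-- security log covers *.do action requests only; widen to /* if other paths must be audited -->`. Declaring the filter ahead of CSRFGuard in the first hunk means requests that CSRFGuard later rejects are still logged, which is useful for detection and worth stating in the same comment.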
Index: lams_build/conf/slim/standalone.xml
===================================================================
diff -u -rc6a7f1bc8807e7a3c8ec9f5d1aa9d5fc72fe5d03 -rea3eb45a90b898583f0846acd6cb113344863708
--- lams_build/conf/slim/standalone.xml (.../standalone.xml) (revision c6a7f1bc8807e7a3c8ec9f5d1aa9d5fc72fe5d03)
+++ lams_build/conf/slim/standalone.xml (.../standalone.xml) (revision ea3eb45a90b898583f0846acd6cb113344863708)
@@ -113,6 +113,16 @@
+
+
+
+
+
+
+
+
+
@@ -124,6 +134,10 @@
+
+
+
@@ -234,6 +248,13 @@
+
+
+
+
+
+
+
Index: lams_build/conf/standalone.xml
===================================================================
diff -u -rc6a7f1bc8807e7a3c8ec9f5d1aa9d5fc72fe5d03 -rea3eb45a90b898583f0846acd6cb113344863708
--- lams_build/conf/standalone.xml (.../standalone.xml) (revision c6a7f1bc8807e7a3c8ec9f5d1aa9d5fc72fe5d03)
+++ lams_build/conf/standalone.xml (.../standalone.xml) (revision ea3eb45a90b898583f0846acd6cb113344863708)
@@ -141,6 +141,16 @@
+
+
+
+
+
+
+
+
+
@@ -153,6 +163,10 @@
+
+
+
@@ -263,6 +277,13 @@
+
+
+
+
+
+
+
Index: lams_common/src/java/org/lamsfoundation/lams/web/filter/SecurityLogFilter.java
===================================================================
diff -u
--- lams_common/src/java/org/lamsfoundation/lams/web/filter/SecurityLogFilter.java (revision 0)
+++ lams_common/src/java/org/lamsfoundation/lams/web/filter/SecurityLogFilter.java (revision ea3eb45a90b898583f0846acd6cb113344863708)
@@ -0,0 +1,80 @@
+package org.lamsfoundation.lams.web.filter;
+
+import java.io.IOException;
+import java.util.Map.Entry;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import org.apache.log4j.Logger;
+import org.lamsfoundation.lams.usermanagement.dto.UserDTO;
+import org.lamsfoundation.lams.web.session.SessionManager;
+import org.lamsfoundation.lams.web.util.AttributeNames;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+/**
+ * Logs requests to controllers with their parameters
+ *
+ * @author Marcin Cieslak
+ */
+public class SecurityLogFilter extends OncePerRequestFilter {
+
+ private static final Logger log = Logger.getLogger(SecurityLogFilter.class);
+
+ @Override
+ public void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
+ throws IOException, ServletException {
+ try {
+ // look for user information
+ UserDTO user = SecurityLogFilter.getUserDto();
+ StringBuilder logMessageBuilder = new StringBuilder();
+ if (user == null) {
+ logMessageBuilder.append("Unauthenticated user ");
+ } else {
+ logMessageBuilder.append("\"").append(user.getLogin()).append("\" (").append(user.getUserID())
+ .append(") ");
+ }
+
+ // what path was called
+ logMessageBuilder.append("called ").append(request.getRequestURI());
+
+ // optional parameters
+ if (!request.getParameterMap().isEmpty()) {
+ logMessageBuilder.append(" with parameters: ");
+ for (Entry entry : request.getParameterMap().entrySet()) {
+ String key = entry.getKey();
+ // skip CSRF parameter
+ if ("OWASP-CSRFGUARD".equals(key)) {
+ continue;
+ }
+
+ // print out all parameters with their values
+ logMessageBuilder.append(key).append("=[");
+ String[] values = entry.getValue();
+ if (values != null && values.length > 0) {
+ for (String value : entry.getValue()) {
+ logMessageBuilder.append(value).append(", ");
+ }
+ logMessageBuilder.delete(logMessageBuilder.length() - 2, logMessageBuilder.length());
+ }
+ logMessageBuilder.append("], ");
+ }
+ logMessageBuilder.delete(logMessageBuilder.length() - 2, logMessageBuilder.length());
+ }
+
+ log.info(logMessageBuilder);
+ } catch (Exception e) {
+ log.error("Exception while logging to security log", e);
+ }
+
+ chain.doFilter(request, response);
+ }
+
+ private static UserDTO getUserDto() {
+ HttpSession ss = SessionManager.getSession();
+ return (UserDTO) ss.getAttribute(AttributeNames.USER);
+ }
+}
\ No newline at end of file
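Review bot: Every parameter value is appended verbatim to an INFO log line in the `for (Entry entry : ...)` loop of doFilterInternal, so any `*.do` form that carries a password or other secret will write it into the security log; the only exclusion is the `OWASP-CSRFGUARD` parameter. Names and values are also not sanitised, so a parameter containing CR/LF characters can forge additional log entries. I would mask values of credential-like parameters and collapse line breaks before appending, as in the excerpt below (the name list in `isSensitive` is a constructed starting point and must be matched to the application's real parameter names). Separately, if `SessionManager.getSession()` can return null for a request without a session, `getUserDto()` throws an NPE that is caught and reported at ERROR level on every such request; `return ss == null ? null : (UserDTO) ss.getAttribute(AttributeNames.USER);` would keep that case on the normal "Unauthenticated user" branch.
```java
// … unchanged: user lookup, request URI, parameter-map emptiness check …
for (Entry<String, String[]> entry : request.getParameterMap().entrySet()) {
    String key = entry.getKey();
    // … unchanged: OWASP-CSRFGUARD skip …
    logMessageBuilder.append(sanitize(key)).append("=[");
    String[] values = entry.getValue();
    if (values != null && values.length > 0) {
        if (isSensitive(key)) {
            // credential-like values are never written to the log
            logMessageBuilder.append("***");
        } else {
            for (String value : values) {
                logMessageBuilder.append(sanitize(value)).append(", ");
            }
            logMessageBuilder.delete(logMessageBuilder.length() - 2, logMessageBuilder.length());
        }
    }
    logMessageBuilder.append("], ");
}
// … unchanged: trailing-separator removal, log.info, catch, chain.doFilter …

/** True for parameter names that look like they carry a credential; adjust to this application's forms. */
private static boolean isSensitive(String parameterName) {
    String lower = parameterName.toLowerCase(java.util.Locale.ROOT);
    return lower.contains("password") || lower.contains("secret");
}

/** Collapses line breaks so a single request cannot forge extra log lines. */
private static String sanitize(String text) {
    return text == null ? "null" : text.replaceAll("[\\r\\n]", " ");
}
```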