Hi there I'd like to add some kind of audit log in the CXF STS where it's logged whether an authentication was successful or not with context information like issue/validate/..., principal, appliesto, .... The very first implementation could just write a log message to an "AUDIT" logger. Others might log this to a central monitoring component etc. As all required information can be grabbed within the AbstractOperation only I was thinking in using Spring ApplicationEventPublisher in the AbstractOperation implementation and implementing ApplicationEventPublisherAware. Spring is used anyway in CXF STS. Then I can introduce a special ApplicationEvent. I don't want to add a dependency to spring security which defines already an AuthenticationApplicaitonEvent. Instead, I introduce a custom ApplicationEvent. A default implementation of an EventListener writes the information into a log file.
WDYT? Thanks Oli ------ Oliver Wulff Blog: http://owulff.blogspot.com<http://owulff.blogspot.com/> Solution Architect http://coders.talend.com <http://coders.talend.com>Talend Application Integration Division http://www.talend.com
