No objections, better auditing is always good :-) Colm.
On Wed, May 8, 2013 at 4:21 PM, Oliver Wulff <[email protected]> wrote: > Hi there > > I'd like to add some kind of audit log in the CXF STS where it's logged > whether an authentication was successful or not with context information > like issue/validate/..., principal, appliesto, .... The very first > implementation could just write a log message to an "AUDIT" logger. Others > might log this to a central monitoring component etc. > As all required information can be grabbed within the AbstractOperation > only I was thinking in using Spring ApplicationEventPublisher in the > AbstractOperation implementation and implementing > ApplicationEventPublisherAware. Spring is used anyway in CXF STS. Then I > can introduce a special ApplicationEvent. I don't want to add a dependency > to spring security which defines already an AuthenticationApplicaitonEvent. > Instead, I introduce a custom ApplicationEvent. A default implementation of > an EventListener writes the information into a log file. > > WDYT? > > Thanks > Oli > > > > > ------ > > Oliver Wulff > > Blog: http://owulff.blogspot.com<http://owulff.blogspot.com/> > Solution Architect > http://coders.talend.com > > <http://coders.talend.com>Talend Application Integration Division > http://www.talend.com > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
