You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cxf.apache.org by Oliver Wulff <ow...@talend.com> on 2013/05/08 16:21:21 UTC
Audit log in CXF STS using ApplicationEventPublisher
Hi there
I'd like to add some kind of audit log in the CXF STS where it's logged whether an authentication was successful or not with context information like issue/validate/..., principal, appliesto, .... The very first implementation could just write a log message to an "AUDIT" logger. Others might log this to a central monitoring component etc.
As all required information can be grabbed within the AbstractOperation only I was thinking in using Spring ApplicationEventPublisher in the AbstractOperation implementation and implementing ApplicationEventPublisherAware. Spring is used anyway in CXF STS. Then I can introduce a special ApplicationEvent. I don't want to add a dependency to spring security which defines already an AuthenticationApplicaitonEvent. Instead, I introduce a custom ApplicationEvent. A default implementation of an EventListener writes the information into a log file.
WDYT?
Thanks
Oli
------
Oliver Wulff
Blog: http://owulff.blogspot.com<http://owulff.blogspot.com/>
Solution Architect
http://coders.talend.com
<http://coders.talend.com>Talend Application Integration Division http://www.talend.com
RE: Audit log in CXF STS using ApplicationEventPublisher
Posted by Oliver Wulff <ow...@talend.com>.
I committed the new feature to trunk and 2.7.x and blogged about it here:
http://owulff.blogspot.ch/2013/05/logging-in-apache-cxf-sts-enhanced.html
Thanks
Oli
________________________________________
From: Colm O hEigeartaigh [coheigea@apache.org]
Sent: 08 May 2013 16:55
To: dev@cxf.apache.org
Subject: Re: Audit log in CXF STS using ApplicationEventPublisher
No objections, better auditing is always good :-)
Colm.
On Wed, May 8, 2013 at 4:21 PM, Oliver Wulff <ow...@talend.com> wrote:
> Hi there
>
> I'd like to add some kind of audit log in the CXF STS where it's logged
> whether an authentication was successful or not with context information
> like issue/validate/..., principal, appliesto, .... The very first
> implementation could just write a log message to an "AUDIT" logger. Others
> might log this to a central monitoring component etc.
> As all required information can be grabbed within the AbstractOperation
> only I was thinking in using Spring ApplicationEventPublisher in the
> AbstractOperation implementation and implementing
> ApplicationEventPublisherAware. Spring is used anyway in CXF STS. Then I
> can introduce a special ApplicationEvent. I don't want to add a dependency
> to spring security which defines already an AuthenticationApplicaitonEvent.
> Instead, I introduce a custom ApplicationEvent. A default implementation of
> an EventListener writes the information into a log file.
>
> WDYT?
>
> Thanks
> Oli
>
>
>
>
> ------
>
> Oliver Wulff
>
> Blog: http://owulff.blogspot.com<http://owulff.blogspot.com/>
> Solution Architect
> http://coders.talend.com
>
> <http://coders.talend.com>Talend Application Integration Division
> http://www.talend.com
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
Re: Audit log in CXF STS using ApplicationEventPublisher
Posted by Colm O hEigeartaigh <co...@apache.org>.
No objections, better auditing is always good :-)
Colm.
On Wed, May 8, 2013 at 4:21 PM, Oliver Wulff <ow...@talend.com> wrote:
> Hi there
>
> I'd like to add some kind of audit log in the CXF STS where it's logged
> whether an authentication was successful or not with context information
> like issue/validate/..., principal, appliesto, .... The very first
> implementation could just write a log message to an "AUDIT" logger. Others
> might log this to a central monitoring component etc.
> As all required information can be grabbed within the AbstractOperation
> only I was thinking in using Spring ApplicationEventPublisher in the
> AbstractOperation implementation and implementing
> ApplicationEventPublisherAware. Spring is used anyway in CXF STS. Then I
> can introduce a special ApplicationEvent. I don't want to add a dependency
> to spring security which defines already an AuthenticationApplicaitonEvent.
> Instead, I introduce a custom ApplicationEvent. A default implementation of
> an EventListener writes the information into a log file.
>
> WDYT?
>
> Thanks
> Oli
>
>
>
>
> ------
>
> Oliver Wulff
>
> Blog: http://owulff.blogspot.com<http://owulff.blogspot.com/>
> Solution Architect
> http://coders.talend.com
>
> <http://coders.talend.com>Talend Application Integration Division
> http://www.talend.com
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com