[cas-dev] Logging in CAS4
Marvin S. Addison
marvin.addison at gmail.com
Tue Feb 3 08:45:53 EST 2009
> we should use a belt and suspenders on this one and never pass
> credential objects to anything, even a logger, but only pass sanitized
> objects that the Credentials object tells us are safe.

I like the idea of passing a safe string representation of a credential
to the logging infrastructure, e.g. CredentialString. It's difficult to
imagine, though, how the conversion to such an object would occur via an
aspect on a method that is given a Credential to begin with.

I don't think there's anything to be gained from subclassing Credential
or a separate getLogData method, because you're still passing the
complete credential to other components. You gain nothing over a
well-behaved toString method in those cases.

M
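
The trade-off discussed in this message, as an added example that is not part of the original post and is not CAS code: a stand-in for a logging aspect receives the method arguments as they are, so what reaches the log is decided by the credential's own toString, whether or not a caller wrapped it first. The class names, the `logArguments` helper and the sample values are hypothetical and constructed for illustration.

```java
import java.util.*;
import java.util.logging.*;

public class CredentialLoggingDemo {
    /** Hypothetical credential type (assumption; not the CAS class). */
    static final class UsernamePasswordCredential {
        private final String username;
        private final char[] password;
        UsernamePasswordCredential(String username, char[] password) {
            this.username = username;
            this.password = password.clone();
        }
        /** Well-behaved toString: identifies the user, never prints the secret. */
        @Override public String toString() { return "[username=" + username + "]"; }
    }
    /** Hypothetical sanitized wrapper in the spirit of "CredentialString". */
    static final class CredentialString {
        private final String safe;
        CredentialString(UsernamePasswordCredential c) { this.safe = c.toString(); }
        @Override public String toString() { return safe; }
    }
    /** Stand-in for a logging aspect: it is handed the arguments unchanged. */
    static void logArguments(Logger log, String method, Object... args) {
        StringBuilder sb = new StringBuilder(method).append('(');
        for (int i = 0; i < args.length; i++) {
            if (i > 0) sb.append(", ");
            sb.append(args[i]); // implicit toString() on whatever was passed
        }
        log.info(sb.append(')').toString());
    }
    public static void main(String[] unused) {
        List<String> lines = new ArrayList<>();
        Logger log = Logger.getAnonymousLogger();
        log.setUseParentHandlers(false);
        log.addHandler(new Handler() { // capture records so they can be checked
            @Override public void publish(LogRecord r) { lines.add(r.getMessage()); }
            @Override public void flush() {}
            @Override public void close() {}
        });
        // Constructed sample credential.
        UsernamePasswordCredential c =
            new UsernamePasswordCredential("alice", "constructed-secret".toCharArray());
        logArguments(log, "authenticate", c);                       // aspect holds the full credential
        logArguments(log, "authenticate", new CredentialString(c)); // caller sanitized before the call
        for (String line : lines) {
            if (line.contains("constructed-secret")) throw new AssertionError("secret leaked: " + line);
            System.out.println(line);
        }
    }
}
```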