[cas-dev] Logging in CAS4
Marvin S. Addison
marvin.addison at gmail.com
Tue Feb 3 09:06:16 EST 2009
In general logging should have a high signal to noise ratio. I think
logging statements _before_ a critical action and _not_ after it are
helpful to achieving that goal. Saying nothing is equivalent to
success, while a stack trace or WARN message indicates failure. If
there is a feeling that before/after logging is necessary, I would like
the following logging statements at a lower level (e.g. TRACE) so they
can be disabled.
Some things in particular I'd like to see/keep:
- WARN messages for authentication failures that contain an identifier
from the credential (username, X.509 subject DN)
- INFO messages for authentication success that contain the resolved
CAS principal
- INFO messages for ticket generation, consumption, and expiration
- Service URLs in ST generation messages
The current logging standands are good and could only be improved by
fewer, more concise messages.
Regards,
Marvin
More information about the cas-dev
mailing list