[cas-dev] Logging in CAS4
Scott Battaglia
scott.battaglia at gmail.com
Tue Feb 3 09:07:44 EST 2009
We'll follow the same method we've been following in CAS3 which is to ensure
that all provided credential classes implement a well-behaved toString
method and document in the Credential interface the contract for toString.
We can also make it clear in our User Manual about how those are logged.
95% of the people (or more) use one of the provided Credential objects or
extend an existing one.
-Scott
On Tue, Feb 3, 2009 at 8:45 AM, Marvin S. Addison
<marvin.addison at gmail.com>wrote:
> > we should use a belt and suspenders on this one and never pass
> > credential objects to anything, even a logger, but only pass sanitized
> > objects that the Credentials object tell us is safe.
>
> I like the idea of passing a safe string representation of a credential
> to the logging infrastructure, e.g. CredentialString. It's difficult to
> imagine, though, how the conversion to such an object would occur via an
> aspect on a method that is given a Credential to begin with.
>
> I don't think there's anything to be gained from subclassing Credential
> or a separate getLogData method, because you're still passing the
> complete credential to other components. You gain nothing over a
> well-behaved toString method in those cases.
>
> M
>
> _______________________________________________
> cas-dev mailing list
> cas-dev at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas-dev/attachments/20090203/a048c120/attachment-0001.html
More information about the cas-dev
mailing list