Feature #5481

Implement meaningful logging for security / authentication

Added by Robert Lemke almost 10 years ago. Updated almost 9 years ago.

Status:
Resolved
Priority:
Should have
Assignee:
Category:
Security
Start date:
2009-11-24
Due date:
% Done:

100%

PHP Version:
Has patch:
Complexity:

Description

Finding out what's wrong during the authentication process can be cumbersome due to its complexity. Therefore we need some meaningful logging which helps debugging new client code (or the security framework itself) and at the same time audit the authentication mechanism of an application.

Logging should be implemented as an aspect. Advices should only be active if this is required by current logging threshold.

Associated revisions

Revision b91aa398 (diff)
Added by Robert Lemke almost 10 years ago

[+API] FLOW3 (AOP): Added the JoinPoint class to the supported API. Also added a new method "hasException()" to the JoinPoint implementation. Resolves #5480
[~TASK] FLOW3 (Cache): Set the log level of flushCachesByTag to DEBUG
[~FEATURE] FLOW3 (Security): Implemented a logging aspect which currently logs all relevant actions of the authentication mechanism. The advices are currently active regardless of the configured logging threshold. Addresses #5481
[~TASK] FLOW3 (Security): Removed getSecurityContext() from the Authentication Manager Interface – it was not used anywhere.
[~CONFIGURATION] FLOW3 (Security): Removed the requestPatterns configuration from the default security configuration. This configuration was only an example and got in the way if one wanted to reuse the DefaultProvider configuration for other login controllers.
[~TASK] Fluid (ViewHelpers): Corrected some inline documentation in the FormViewHelper

History

#1 Updated by Robert Lemke almost 10 years ago

  • % Done changed from 0 to 90

#2 Updated by Robert Lemke over 9 years ago

  • Status changed from Accepted to Resolved
  • % Done changed from 90 to 100

Also available in: Atom PDF