I posted this to the Spring Forums. http://forum.springframework.org/showthread.php?p=42584#post42584
On 12/1/05, Matt Raible <[EMAIL PROTECTED]> wrote: > We could take out the LoggerListener bean in security.xml. I agree > that these should be set to INFO for successful authentications. I > can open an issue on this if you like. > > Matt > > On 12/1/05, Allen Gilliland <[EMAIL PROTECTED]> wrote: > > Matt, > > > > is there any way we can cut down on these kinds of messages without having > > to set the logger to ERROR level or higher? > > > > WARN 2005-12-01 11:08:32,047 LoggerListener:onApplicationEvent - > > Authentication event AuthenticationFailureBadCredentialsEvent: admin; > > details: [EMAIL PROTECTED]: RemoteIpAddress: 129.146.114.93; SessionId: > > FACEEDD1DA66AF85C817518776F193D5; exception: Bad credentials presented > > WARN 2005-12-01 11:08:50,331 LoggerListener:onApplicationEvent - > > Authentication event AuthenticationSuccessEvent: admin; details: [EMAIL > > PROTECTED]: RemoteIpAddress: 129.146.114.93; SessionId: > > FACEEDD1DA66AF85C817518776F193D5 > > WARN 2005-12-01 11:08:50,343 LoggerListener:onApplicationEvent - > > Authentication event InteractiveAuthenticationSuccessEvent: admin; details: > > [EMAIL PROTECTED]: RemoteIpAddress: 129.146.114.93; SessionId: > > FACEEDD1DA66AF85C817518776F193D5 > > > > why on earth would they have WARN level logging for simply indicating > > passed/failed authentications?? > > > > -- Allen > > > > > > On Mon, 2005-11-28 at 15:31, Allen Gilliland wrote: > > > On Mon, 2005-11-28 at 13:23, Matt Raible wrote: > > > > > > > > > > > > 1. Use the ports from roller.properties to configure SSL Switching. > > > > > > > > > > > > This should be configurable with a PortResolverImpl - here's an > > > > > > example: > > > > > > > > > > > > http://forum.springframework.org/showthread.php?t=19903 > > > > > > > > > > agreed. > > > > > > > > > > > > > > > > > 2. Add the channelProcessFilter to the "filterChainProxy" bean if > > > > > > SSL > > > > > > should be used to secure certain pages. > > > > > > > > > > can we do this programmatically? it would suck if users had to > > > > > modify the xml file in the webapp just to enable secure logins. > > > > > > > > We should be able to configure everything programmatically (after > > > > initial load). If you look at the new method I added to > > > > RollerContext, you'll see that many beans are manipulated after the > > > > fact. > > > > > > > > It should just be a matter of grabbing the existing property and > > > > manipulating it, then re-setting it. > > > > > > Ah, I get it now. Very cool. > > > > > > -- Allen > > > > > > > > > > > > > >
