When touching some code, I noticed that authorization logging is currently
done rather inconsistently across the call-sites and many cases do not log
the request:

$ grep -R -A 3 'LOG.*Authorizing' src

Should authorization logging be the concern of an authorizer
implementation? For audit purposes I could imagine this also being part of
a separate log that the authorizer maintains?

Ben

Reply via email to