Wouter Coekaerts (Migrated from SEC-1604) said:
While initializing a Spring application context that uses a bit of Spring Security, for a large part the "Validated configuration attributes" message from AbstractSecurityInterceptor is the only message Spring prints at INFO level.
This seems a bit inappropriate. The validation of those attributes is just a small detail, a lot less important than everything else it is doing. And it gives the wrong impression to some developers that validating those attributes is all it is doing during that time (and therefor it looks as if that validation is very slow).
The debug level would be a better fit there.