Merge pull request keycloak#686 from mposolda/master
KEYCLOAK-674 Reduce info level logging in adapters
mposolda committed Sep 10, 2014
2 parents ec1434c 4c0751c commit 5e51204
Showing 13 changed files with 71 additions and 48 deletions.
@@ -1,7 1,6 @@
package org.keycloak.adapters;

import org.apache.http.client.HttpClient;
import org.jboss.logging.Logger;
import org.keycloak.ServiceUrlConstants;
import org.keycloak.enums.SslRequired;
import org.keycloak.util.KeycloakUriBuilder;
Expand All @@ -16,7 15,6 @@
* @version $Revision: 1 $
*/
public class KeycloakDeployment {
private static final Logger log = Logger.getLogger(KeycloakDeployment.class);

protected boolean relativeUrls;
protected String realm;
Expand Up @@ -109,7 109,7 @@ protected String getCode() {

protected String getRedirectUri(String state) {
String url = getRequestUrl();
log.infof("callback uri: %s", url);
log.debugf("callback uri: %s", url);
if (!facade.getRequest().isSecure() && deployment.getSslRequired().isRequired(facade.getRequest().getRemoteAddr())) {
int port = sslRedirectPort();
if (port < 0) {
Expand Down Expand Up @@ -148,7 148,7 @@ public boolean challenge(HttpFacade exchange) {
exchange.getResponse().setStatus(403);
return true;
}
log.info("Sending redirect to login page: " redirect);
log.debug("Sending redirect to login page: " redirect);
exchange.getResponse().setStatus(302);
exchange.getResponse().setCookie(deployment.getStateCookieName(), state, /* need to set path? */ null, null, -1, deployment.getSslRequired().isRequired(facade.getRequest().getRemoteAddr()), false);
exchange.getResponse().setHeader("Location", redirect);
Expand All @@ -165,7 165,7 @@ protected AuthChallenge checkStateCookie() {
return challenge(400);
}
// reset the cookie
log.info("** reseting application state cookie");
log.debug("** reseting application state cookie");
facade.getResponse().resetCookie(deployment.getStateCookieName(), stateCookie.getPath());
String stateCookieValue = getCookieValue(deployment.getStateCookieName());

Expand All @@ -187,21 187,21 @@ protected AuthChallenge checkStateCookie() {
public AuthOutcome authenticate() {
String code = getCode();
if (code == null) {
log.info("there was no code");
log.debug("there was no code");
String error = getError();
if (error != null) {
// todo how do we send a response?
log.warn("There was an error: " error);
challenge = challenge(400);
return AuthOutcome.FAILED;
} else {
log.info("redirecting to auth server");
log.debug("redirecting to auth server");
challenge = loginRedirect();
saveRequest();
return AuthOutcome.NOT_ATTEMPTED;
}
} else {
log.info("there was a code, resolving");
log.debug("there was a code, resolving");
challenge = resolveCode(code);
if (challenge != null) {
return AuthOutcome.FAILED;
Expand Down Expand Up @@ -246,7 246,7 @@ protected AuthChallenge resolveCode(String code) {
return challenge(403);
}

log.info("checking state cookie for after code");
log.debug("checking state cookie for after code");
AuthChallenge challenge = checkStateCookie();
if (challenge != null) return challenge;

Expand Down Expand Up @@ -292,7 292,7 @@ protected AuthChallenge resolveCode(String code) {
log.error("Stale token");
return challenge(403);
}
log.info("successful authenticated");
log.debug("successful authenticated");
return null;
}
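Review bot: `log.debugf("callback uri: %s", url)` in getRedirectUri still writes the full request URL to the log, and on the OAuth callback that URL may carry the `code` and `state` query parameters if getRequestUrl() includes the query string (its body is not visible here). With debug enabled, an authorization code and the state value would then end up in log files; the `redirect` value logged in challenge() presumably carries the state parameter as well. Log the URL with its query string removed, or keep only the message, e.g. `log.debug("building redirect uri from callback request");`. Both methods continue outside the hunks shown.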

Expand Up @@ -113,7 113,9 @@ public boolean preflightCors() {
}

protected void handleLogout() {
log.info("K_LOGOUT sent");
if (log.isTraceEnabled()) {
log.trace("K_LOGOUT sent");
}
try {
JWSInput token = verifyAdminRequest();
if (token == null) {
Expand All @@ -123,12 125,12 @@ protected void handleLogout() {
if (!validateAction(action)) return;
String user = action.getUser();
if (user != null) {
log.info("logout of session for: " user);
log.debug("logout of session for: " user);
userSessionManagement.logoutUser(user);
} else if (action.getSession() != null) {
userSessionManagement.logoutKeycloakSession(action.getSession());
} else {
log.info("logout of all sessions");
log.debug("logout of all sessions");
if (action.getNotBefore() > deployment.getNotBefore()) {
deployment.setNotBefore(action.getNotBefore());
}
Expand All @@ -142,7 144,9 @@ protected void handleLogout() {


protected void handlePushNotBefore() {
log.info("K_PUSH_NOT_BEFORE sent");
if (log.isTraceEnabled()) {
log.trace("K_PUSH_NOT_BEFORE sent");
}
try {
JWSInput token = verifyAdminRequest();
if (token == null) {
Expand Down Expand Up @@ -205,7 209,9 @@ protected boolean validateAction(AdminAction action) {
}

protected void handleGetSessionStats() {
log.info("K_GET_SESSION_STATS sent");
if (log.isTraceEnabled()) {
log.trace("K_GET_SESSION_STATS sent");
}
try {
JWSInput token = verifyAdminRequest();
if (token == null) return;
Expand All @@ -229,7 235,9 @@ protected void handleGetSessionStats() {
}
}
protected void handleGetUserStats() {
log.info("K_GET_USER_STATS sent");
if (log.isTraceEnabled()) {
log.trace("K_GET_USER_STATS sent");
}
try {
JWSInput token = verifyAdminRequest();
if (token == null) return;
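Review bot: In handleLogout the lines `log.debug("logout of session for: " + user)` and `log.debug("logout of all sessions")` are the only record of an admin-pushed logout and of the notBefore change, and at debug level they will not appear in a default production log. The `action.getSession() != null` branch logs nothing at all. These are security-relevant state changes, so consider keeping one info-level record after validateAction succeeds, for example `log.infof("admin logout applied: user=%s session=%s", user, action.getSession());`, unless they are audited elsewhere. handleLogout continues outside the hunk.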
Expand Up @@ -63,11 63,15 @@ public void setDeployment(KeycloakDeployment deployment) {
}

public void refreshExpiredToken() {
log.info("checking whether to refresh.");
if (log.isTraceEnabled()) {
log.trace("checking whether to refresh.");
}
if (isActive()) return;
if (this.deployment == null || refreshToken == null) return; // Might be serialized in HttpSession?

log.info("Doing refresh");
if (log.isTraceEnabled()) {
log.trace("Doing refresh");
}
AccessTokenResponse response = null;
try {
response = ServerRequest.invokeRefresh(deployment, refreshToken);
Expand All @@ -78,12 82,14 @@ public void refreshExpiredToken() {
log.error("Refresh token failure status: " httpFailure.getStatus() " " httpFailure.getError());
return;
}
log.info("received refresh response");
if (log.isTraceEnabled()) {
log.trace("received refresh response");
}
String tokenString = response.getToken();
AccessToken token = null;
try {
token = RSATokenVerifier.verifyToken(tokenString, deployment.getRealmKey(), deployment.getRealm());
log.info("Token Verification succeeded!");
log.debug("Token Verification succeeded!");
} catch (VerificationException e) {
log.error("failed verification of token");
}
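Review bot: The `catch (VerificationException e)` block in refreshExpiredToken logs `"failed verification of token"` without the exception and has no `return`, so the reason for the failure is lost and `token` stays null while execution goes on. Pass the cause with `log.error("failed verification of token", e);` and, unless the code after the catch already handles a null token, add `return;` there. The statements after the catch are outside the hunk; if they store `tokenString` or the new refresh token, they would do so for a token that did not verify, which is worth checking.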
Expand Up @@ -31,29 31,36 @@ public AuthChallenge getChallenge() {
}

public AuthOutcome authenticate() {
log.info("--> authenticate()");
if (log.isTraceEnabled()) {
log.trace("--> authenticate()");
}
BearerTokenRequestAuthenticator bearer = createBearerTokenAuthenticator();
log.info("try bearer");
if (log.isTraceEnabled()) {
log.trace("try bearer");
}
AuthOutcome outcome = bearer.authenticate(facade);
if (outcome == AuthOutcome.FAILED) {
challenge = bearer.getChallenge();
log.info("Bearer FAILED");
log.debug("Bearer FAILED");
return AuthOutcome.FAILED;
} else if (outcome == AuthOutcome.AUTHENTICATED) {
if (verifySSL()) return AuthOutcome.FAILED;
completeAuthentication(bearer);
log.info("Bearer AUTHENTICATED");
log.debug("Bearer AUTHENTICATED");
return AuthOutcome.AUTHENTICATED;
} else if (deployment.isBearerOnly()) {
challenge = bearer.getChallenge();
log.info("NOT_ATTEMPTED: bearer only");
log.debug("NOT_ATTEMPTED: bearer only");
return AuthOutcome.NOT_ATTEMPTED;
}

log.info("try oauth");
if (log.isTraceEnabled()) {
log.trace("try oauth");
}

if (isCached()) {
if (verifySSL()) return AuthOutcome.FAILED;
log.info("AUTHENTICATED: was cached");
log.debug("AUTHENTICATED: was cached");
return AuthOutcome.AUTHENTICATED;
}

Expand All @@ -77,7 84,7 @@ public AuthOutcome authenticate() {
facade.getResponse().setStatus(302);
facade.getResponse().end();

log.info("AUTHENTICATED");
log.debug("AUTHENTICATED");
return AuthOutcome.AUTHENTICATED;
}
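Review bot: Failed authentication in authenticate() is now visible only at debug: `log.debug("Bearer FAILED")` is the only record of a rejected bearer token here, and the two `if (verifySSL()) return AuthOutcome.FAILED;` branches log nothing. Unless the bearer authenticator and verifySSL() log the rejection themselves (not visible in this hunk), repeated failures cannot be spotted in a default-level log. Keeping the failure paths above debug, e.g. `log.warn("Bearer authentication failed");`, while the success and trace lines go down would still meet the goal of the change.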

Expand Up @@ -31,7 31,7 @@ public class AuthenticatedActionsValve extends ValveBase {

public AuthenticatedActionsValve(AdapterDeploymentContext deploymentContext, Valve next, Container container, ObjectName controller) {
this.deploymentContext = deploymentContext;
if (next == null) throw new RuntimeException("WTF is next null?!");
if (next == null) throw new RuntimeException("Next valve is null!!!");
setNext(next);
setContainer(container);
setController(controller);
Expand Up @@ -123,7 123,9 @@ protected void init() {
@Override
public void invoke(Request request, Response response) throws IOException, ServletException {
try {
log.info("invoke");
if (log.isTraceEnabled()) {
log.trace("invoke");
}
CatalinaHttpFacade facade = new CatalinaHttpFacade(request, response);
PreAuthActionsHandler handler = new PreAuthActionsHandler(userSessionManagement, deploymentContext, facade);
if (handler.handleRequest()) {
Expand All @@ -137,7 139,9 @@ public void invoke(Request request, Response response) throws IOException, Servl

@Override
public boolean authenticate(Request request, HttpServletResponse response, LoginConfig config) throws IOException {
log.info("*** authenticate");
if (log.isTraceEnabled()) {
log.trace("*** authenticate");
}
CatalinaHttpFacade facade = new CatalinaHttpFacade(request, response);
KeycloakDeployment deployment = deploymentContext.resolveDeployment(facade);
if (deployment == null || !deployment.isConfigured()) {
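Review bot: The `if (log.isTraceEnabled())` guards around `log.trace("invoke")` and `log.trace("*** authenticate")` wrap constant strings, so there is no message construction to skip and the logger makes the same level check itself. A plain `log.trace("invoke");` says the same in one line; the guard is worth keeping only where the argument is built by concatenation or a method call. The same pattern appears in the handleLogout, handlePushNotBefore, handleGetSessionStats, handleGetUserStats, refreshExpiredToken, RequestAuthenticator authenticate and setRoles hunks on this page.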
Expand Up @@ -29,15 29,15 @@ public class KeycloakLoginModule extends AbstractServerLoginModule {
@SuppressWarnings("unchecked")
@Override
public boolean login() throws LoginException {
log.info("KeycloakLoginModule.login()");
log.debug("KeycloakLoginModule.login()");
if (super.login() == true) {
log.info("super.login()==true");
return true;
}

Object credential = getCredential();
if (credential != null && (credential instanceof KeycloakAccount)) {
log.info("Found Account");
log.debug("Found Account");
KeycloakAccount account = (KeycloakAccount)credential;
roleSet = account.getRoles();
identity = account.getPrincipal();
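Review bot: `log.info("super.login()==true");` in login() stays at info while the lines around it move to debug, so this message is still written at the default level whenever super.login() returns true. Given the purpose of the change this looks like an oversight; `log.debug("super.login()==true");` would match the rest. The condition can also be written `if (super.login())`. login() continues outside the hunk.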
Expand Up @@ -48,11 48,15 @@ public KeycloakUndertowAccount(KeycloakPrincipal principal, RefreshableKeycloakS
protected void setRoles(AccessToken accessToken) {
Set<String> roles = null;
if (session.getDeployment().isUseResourceRoleMappings()) {
log.info("useResourceRoleMappings");
if (log.isTraceEnabled()) {
log.trace("useResourceRoleMappings");
}
AccessToken.Access access = accessToken.getResourceAccess(session.getDeployment().getResourceName());
if (access != null) roles = access.getRoles();
} else {
log.info("use realm role mappings");
if (log.isTraceEnabled()) {
log.trace("use realm role mappings");
}
AccessToken.Access access = accessToken.getRealmAccess();
if (access != null) roles = access.getRoles();
}
Expand Down Expand Up @@ -88,18 92,18 @@ public void setDeployment(KeycloakDeployment deployment) {
public boolean isActive() {
// this object may have been serialized, so we need to reset realm config/metadata
if (session.isActive()) {
log.info("session is active");
log.debug("session is active");
return true;
}

log.info("session is not active try refresh");
log.debug("session is not active try refresh");
session.refreshExpiredToken();
if (!session.isActive()) {
log.info("session is not active return with failure");
log.debug("session is not active return with failure");

return false;
}
log.info("refresh succeeded");
log.debug("refresh succeeded");

setRoles(session.getToken());
return true;
Expand Up @@ -49,22 49,22 @@ protected boolean isCached() {
HttpServletRequest req = (HttpServletRequest) servletRequestContext.getServletRequest();
HttpSession session = req.getSession(false);
if (session == null) {
log.info("session was null, returning null");
log.debug("session was null, returning null");
return false;
}
KeycloakUndertowAccount account = (KeycloakUndertowAccount)session.getAttribute(KeycloakUndertowAccount.class.getName());
if (account == null) {
log.info("Account was not in session, returning null");
log.debug("Account was not in session, returning null");
return false;
}
account.setDeployment(deployment);
if (account.isActive()) {
log.info("Cached account found");
log.debug("Cached account found");
securityContext.authenticationComplete(account, "KEYCLOAK", false);
propagateKeycloakContext( account);
return true;
}
log.info("Account was not active, returning null");
log.debug("Account was not active, returning null");
session.setAttribute(KeycloakUndertowAccount.class.getName(), null);
return false;
}
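Review bot: The messages in isCached() say "returning null" (`"session was null, returning null"`, `"Account was not in session, returning null"`, `"Account was not active, returning null"`), but the method returns `false` on each of those paths. Since the lines are being edited anyway, make the text match, e.g. `log.debug("session was null, returning false");`. A short comment above `session.setAttribute(KeycloakUndertowAccount.class.getName(), null)` stating that the inactive account is removed from the session would also help the reader.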
Expand Up @@ -21,7 21,6 @@
import io.undertow.util.AttachmentKey;
import io.undertow.util.Headers;
import io.undertow.util.HttpString;
import org.jboss.logging.Logger;
import org.keycloak.KeycloakSecurityContext;
import org.keycloak.adapters.HttpFacade;
import org.keycloak.util.KeycloakUriBuilder;
Expand All @@ -39,7 38,6 @@
* @version $Revision: 1 $
*/
public class UndertowHttpFacade implements HttpFacade {
private static final Logger log = Logger.getLogger(UndertowHttpFacade.class);
public static final AttachmentKey<KeycloakSecurityContext> KEYCLOAK_SECURITY_CONTEXT_KEY = AttachmentKey.create(KeycloakSecurityContext.class);

protected HttpServerExchange exchange;
Expand Up @@ -24,7 24,6 @@
import io.undertow.server.session.Session;
import io.undertow.util.AttachmentKey;
import io.undertow.util.Sessions;
import org.jboss.logging.Logger;
import org.keycloak.adapters.AdapterDeploymentContext;
import org.keycloak.adapters.AuthChallenge;
import org.keycloak.adapters.AuthOutcome;
Expand All @@ -36,7 35,6 @@
* @author Stan Silvert [email protected] (C) 2014 Red Hat Inc.
*/
public abstract class UndertowKeycloakAuthMech implements AuthenticationMechanism {
private static final Logger log = Logger.getLogger(UndertowKeycloakAuthMech.class);
public static final AttachmentKey<AuthChallenge> KEYCLOAK_CHALLENGE_ATTACHMENT_KEY = AttachmentKey.create(AuthChallenge.class);
protected AdapterDeploymentContext deploymentContext;

Expand Up @@ -39,7 39,7 @@ public WildflyRequestAuthenticator(HttpFacade facade, KeycloakDeployment deploym
protected void propagateKeycloakContext(KeycloakUndertowAccount account) {
super.propagateKeycloakContext(account);
SecurityInfoHelper.propagateSessionInfo(account);
log.info("propagate security context to wildfly");
log.debug("propagate security context to wildfly");
Subject subject = new Subject();
Set<Principal> principals = subject.getPrincipals();
principals.add(account.getPrincipal());