feat(jans-auth-server): hide 302 redirect exception in logs #1294

JanssenProject · May 10, 2022 · 00197c7 · 00197c7
1 parent 88c3fff
commit 00197c7
Showing 1 changed file with 9 additions and 1 deletion.
diff --git a/...r/server/src/main/java/io/jans/as/server/authorize/ws/rs/AuthorizeRestWebServiceImpl.java b/...r/server/src/main/java/io/jans/as/server/authorize/ws/rs/AuthorizeRestWebServiceImpl.java
@@ -288,7 +288,7 @@ private Response requestAuthorization(AuthzRequest authzRequest) {
             builder = authorize(authzRequest);
         } catch (WebApplicationException e) {
             applicationAuditLogger.sendMessage(authzRequest.getAuditLog());
-            if (log.isErrorEnabled())
+            if (log.isErrorEnabled() && canLogWebApplicationException(e))
                 log.error(e.getMessage(), e);
             throw e;
         } catch (AcrChangedException e) { // Acr changed
@@ -322,6 +322,14 @@ private Response requestAuthorization(AuthzRequest authzRequest) {
         return builder.build();
     }
 
+    private static boolean canLogWebApplicationException(WebApplicationException e) {
+        if (e == null || e.getResponse() == null) {
+            return false;
+        }
+        final int status = e.getResponse().getStatus();
+        return status != 302;
+    }
+
     private ResponseBuilder authorize(AuthzRequest authzRequest) throws AcrChangedException, SearchException, TokenBindingParseException {
         String tokenBindingHeader = authzRequest.getHttpRequest().getHeader("Sec-Token-Binding");
         List<Prompt> prompts = Prompt.fromString(authzRequest.getPrompt(), " ");