docs(logging): add schema format and example

[ossdhaval]

Prepare

• Read PR guidelines
• Read license information

---

Description

Target issue

closes #issue-number-here

Implementation Details

---

Test and Document the changes

• Static code analysis has been run locally and issues have been fixed
• Relevant unit and integration tests have been added/updated
• Relevant documentation has been updated if any (i.e. user guides, installation and configuration guides, technical design docs etc)

[dryrunsecurity]

Hi there 👋, @DryRunSecurity here, below is a summary of our analysis and findings.

DryRun Security	Status	Findings
Server-Side Request Forgery Analyzer	✅	0 findings
Configured Codepaths Analyzer	✅	0 findings
Secrets Analyzer	✅	0 findings
Authn/Authz Analyzer	✅	0 findings
SQL Injection Analyzer	✅	0 findings
Sensitive Files Analyzer	✅	0 findings
IDOR Analyzer	✅	0 findings

Note

🟢 Risk threshold not exceeded.

Change Summary (click to expand)

The following is a summary of changes in this pull request made by me, your security buddy 🤖. Note that this summary is auto-generated and not meant to be a definitive list of security issues but rather a helpful summary from a security perspective.

Summary:

The code change in this pull request focuses on updating the logging configuration for the Janssen Authorization Server. The key changes include providing details on how to manage the logging configuration using different methods (command-line, text-based UI, and REST API), as well as outlining the schema for the Logging configuration. From a security perspective, the notable aspects of this change are the ability to configure the logging level, enable or disable OAuth audit logging, and exclude specific HTTP paths from being logged. These features are important for controlling the amount of sensitive information being logged and reducing the risk of exposing sensitive data.

Files Changed:

• docs/admin/config-guide/logging-configuration.md: This file has been updated to provide comprehensive documentation on managing the logging configuration for the Janssen Authorization Server. The changes include:
  1. Detailed information on how to manage the logging configuration using different methods (command-line, text-based UI, and REST API).
  2. Explanation of the logging configuration schema, including properties like loggingLevel, httpLoggingEnabled, enabledOAuthAuditLogging, and httpLoggingExcludePaths.
  3. Guidance on how to update the logging configuration by modifying the log-config.json file and using the put-config-logging operation.
  4. Highlighting the security-relevant aspects of the logging configuration, such as controlling the logging level, enabling or disabling OAuth audit logging, and excluding specific HTTP paths from being logged.

These changes provide a clear and comprehensive guide for administrators to manage the logging configuration of the Janssen Authorization Server, with a focus on maintaining the security and integrity of the system.

Powered by DryRun Security