-
Notifications
You must be signed in to change notification settings - Fork 46
/
DynamicLogLevelProcessor.java
101 lines (91 loc) · 4.2 KB
/
DynamicLogLevelProcessor.java
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
package com.sap.hcp.cf.logging.servlet.dynlog;
import java.security.interfaces.RSAPublicKey;
import java.util.Arrays;
import java.util.List;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.slf4j.MDC;
import com.auth0.jwt.interfaces.DecodedJWT;
import com.sap.hcp.cf.logging.common.helper.DynamicLogLevelHelper;
/**
* This class provides a mechanism that reads a token from an
* HTTP-request-header. If this token is provided and does contain a correct
* signature, valid timestamps and a log-level-value, the log-level for the
* thread triggered by this request will be changed to the provided value.
*
* You can extend this processor to extract custom claims from the JWT. Override
* {@link DynamicLogLevelProcessor#processJWT(DecodedJWT)} for this.
*/
public class DynamicLogLevelProcessor {
private final static Logger LOGGER = LoggerFactory.getLogger(DynamicLogLevelProcessor.class);
private static final List<String> ALLOWED_DYNAMIC_LOGLEVELS = Arrays.asList("TRACE", "DEBUG", "INFO", "WARN",
"ERROR");
private final TokenDecoder tokenDecoder;
/**
* @deprecated Use
* {@link DynamicLogLevelProcessor#DynamicLogLevelProcessor(RSAPublicKey)}
* instead.
* @param dynLogConfig
* the {@link DynamicLogLevelConfiguration} to read the public RSA key for
* JWT validation from.
*/
@Deprecated
public DynamicLogLevelProcessor(DynamicLogLevelConfiguration dynLogConfig) {
this(dynLogConfig.getRsaPublicKey());
}
public DynamicLogLevelProcessor(RSAPublicKey publicJwtKey) {
this.tokenDecoder = new TokenDecoder(publicJwtKey);
}
/**
* Decodes and validate the JWT. Configures the dynamic log levels by
* setting the corresponding fields in the MDC.
*
* @param logLevelToken
* the HTTP Header containing the JWT for dynamic log levels
*/
public void copyDynamicLogLevelToMDC(String logLevelToken) {
if (logLevelToken == null) {
return;
} else {
try {
DecodedJWT jwt = tokenDecoder.validateAndDecodeToken(logLevelToken);
processJWT(jwt);
} catch (DynamicLogLevelException cause) {
LOGGER.warn("DynamicLogLevelProcessor could not write dynamic log level to MDC", cause);
}
}
}
/**
* Extracts the relevant claims for dynamic log level configuration from the
* decoded token. In case of faulty content, i.e. unknown log level a
* {@link DynamicLogLevelException} is thrown. You can override this method
* to implement own interaction with the JWT, e.g. extraction and validation
* of additional claims.
*
* @param jwt
* the decoded JWT from the HTTP header
* @throws DynamicLogLevelException
* if validation of JWT claims fail
*/
protected void processJWT(DecodedJWT jwt) throws DynamicLogLevelException {
String dynamicLogLevel = jwt.getClaim("level").asString();
String packages = jwt.getClaim("packages").asString();
if (ALLOWED_DYNAMIC_LOGLEVELS.contains(dynamicLogLevel)) {
MDC.put(DynamicLogLevelHelper.MDC_DYNAMIC_LOG_LEVEL_KEY, dynamicLogLevel);
MDC.put(DynamicLogLevelHelper.MDC_DYNAMIC_LOG_LEVEL_PREFIXES, packages);
} else {
throw new DynamicLogLevelException("Dynamic Log-Level [" + dynamicLogLevel +
"] provided in header is not valid. Allowed Values are " +
ALLOWED_DYNAMIC_LOGLEVELS.toString());
}
}
/**
* Resets the current dynamic log level configuration by removing the
* corresponding fields from the MDC. This needs to be called to remove the
* changed log level configuration.
*/
public void removeDynamicLogLevelFromMDC() {
MDC.remove(DynamicLogLevelHelper.MDC_DYNAMIC_LOG_LEVEL_KEY);
MDC.remove(DynamicLogLevelHelper.MDC_DYNAMIC_LOG_LEVEL_PREFIXES);
}
}