Merge pull request #14 from myrle-krantz/develop
Improving logging to make debugging easier.
myrle-krantz committed Jul 18, 2017
2 parents e6e94ee + 8a4b045 commit 1f511a52f500f6de5399b1bbfcf2a2f395790c4e
Showing 2 changed files with 73 additions and 2 deletions.
@@ -0,0 +1,55 @@
<!--
Copyright 2017 The Mifos Initiative.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<configuration>
<appender name="FILE" class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>logs/anubis.log</file>
<rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
<fileNamePattern>logs/archive/anubis.%d{yyyy-MM-dd}.log</fileNamePattern>
<maxHistory>7</maxHistory>
<totalSizeCap>2GB</totalSizeCap>
</rollingPolicy>
<encoder>
<pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
</encoder>
</appender>
<appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
<encoder>
<pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
</encoder>
</appender>

<logger name="com" level="INFO">
<appender-ref ref="STDOUT" />
</logger>

<logger name="org" level="INFO">
<appender-ref ref="STDOUT" />
</logger>

<logger name="io" level="INFO">
<appender-ref ref="STDOUT" />
</logger>

<logger name="net" level="INFO">
<appender-ref ref="STDOUT" />
</logger>

<root level="DEBUG">
<appender-ref ref="FILE"/>
</root>
</configuration>
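Review bot: The encoder pattern on both appenders prints only the time of day (`%d{HH:mm:ss.SSS}`), so lines in `logs/anubis.log` carry no date or zone offset and are hard to correlate with other systems once they are copied out of the file; a full timestamp such as `%d{yyyy-MM-dd HH:mm:ss.SSSXXX}` would fix that. Separately, `<root level="DEBUG">` sends debug output to the file from every logger outside the `com`, `org`, `io` and `net` prefixes. Those four loggers keep the default additivity, so their INFO events go to both STDOUT and FILE. If that split is intended, an XML comment above the root element should say so; otherwise set `additivity="false"` on the four loggers. The relative `logs/` path resolves against the process working directory, which is also worth a one-line comment.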
@@ -22,7 +22,9 @@
import io.mifos.anubis.provider.TenantRsaKeyProvider;
import io.mifos.anubis.token.TokenType;

import org.slf4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
@@ -34,6 +36,8 @@
import java.security.Key;
import java.util.Optional;

import static io.mifos.anubis.config.AnubisConstants.LOGGER_NAME;


/**
* @author Myrle Krantz
@@ -45,19 +49,22 @@ public class IsisAuthenticatedAuthenticationProvider implements AuthenticationPr
private final SystemAuthenticator systemAuthenticator;
private final TenantAuthenticator tenantAuthenticator;
private final GuestAuthenticator guestAuthenticator;
private final Logger logger;

@Autowired
public IsisAuthenticatedAuthenticationProvider(
final SystemRsaKeyProvider systemRsaKeyProvider,
final TenantRsaKeyProvider tenantRsaKeyProvider,
final SystemAuthenticator systemAuthenticator,
final TenantAuthenticator tenantAuthenticator,
final GuestAuthenticator guestAuthenticator) {
final GuestAuthenticator guestAuthenticator,
final @Qualifier(LOGGER_NAME) Logger logger) {
this.systemRsaKeyProvider = systemRsaKeyProvider;
this.tenantRsaKeyProvider = tenantRsaKeyProvider;
this.systemAuthenticator = systemAuthenticator;
this.tenantAuthenticator = tenantAuthenticator;
this.guestAuthenticator = guestAuthenticator;
this.logger = logger;
}

@Override public boolean supports(final Class<?> clazz) {
@@ -91,6 +98,7 @@ private Authentication convert(final @Nonnull String user, final String authenti
case SYSTEM:
return systemAuthenticator.authenticate(user, x, tokenInfo.getKeyTimestamp());
default:
logger.debug("Authentication failed for a token with a token type other than tenant or system.");
throw AmitAuthenticationException.invalidTokenIssuer(tokenInfo.getType().getIssuer());
}
}).orElseGet(() -> guestAuthenticator.authenticate(user));
@@ -103,6 +111,7 @@ private Optional<String> getJwtTokenString(final String authenticationHeader) {
}

if (!authenticationHeader.startsWith(TokenConstants.PREFIX)) {
logger.debug("Authentication failed for a token which does not begin with the token prefix.");
throw AmitAuthenticationException.invalidHeader();
}
return Optional.of(authenticationHeader.substring(TokenConstants.PREFIX.length()).trim());
@@ -124,15 +133,18 @@ private Optional<String> getJwtTokenString(final String authenticationHeader) {
case SYSTEM:
return systemRsaKeyProvider.getPublicKey(keyTimestamp);
default:
logger.debug("Authentication failed in token type discovery for a token with a token type other than tenant or system.");
throw AmitAuthenticationException.invalidTokenIssuer(tokenType.getIssuer());
}
}
catch (final IllegalArgumentException e)
{
logger.debug("Authentication failed because no tenant was provided.");
throw AmitAuthenticationException.missingTenant();
}
catch (final InvalidKeyTimestampException e)
{
logger.debug("Authentication failed because the provided key timestamp is invalid.");
throw AmitAuthenticationException.invalidTokenKeyTimestamp(tokenType.getIssuer(), keyTimestamp);
}
}
@@ -145,6 +157,7 @@ private Optional<String> getJwtTokenString(final String authenticationHeader) {
final String alg = jwt.getHeader().get("alg").toString();
final SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.forName(alg);
if (!signatureAlgorithm.isRsa()) {
logger.debug("Authentication failed because the token is signed with an algorithm other than RSA.");
throw AmitAuthenticationException.invalidTokenAlgorithm(alg);
}

@@ -155,6 +168,7 @@ private Optional<String> getJwtTokenString(final String authenticationHeader) {
}
catch (final JwtException e)
{
logger.debug("Authentication failed because token parsing failed.");
throw AmitAuthenticationException.invalidToken();
}
}
@@ -166,8 +180,10 @@ private Optional<String> getJwtTokenString(final String authenticationHeader) {
private @Nonnull TokenType getTokenTypeFromClaims(final Claims claims) {
final String issuer = claims.getIssuer();
final Optional<TokenType> tokenType = TokenType.valueOfIssuer(issuer);
if (!tokenType.isPresent())
if (!tokenType.isPresent()) {
logger.debug("Authentication failed for a token with a missing or invalid token type.");
throw AmitAuthenticationException.invalidTokenIssuer(issuer);
}
return tokenType.get();
}
}
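Review bot: The three catch blocks (`IllegalArgumentException`, `InvalidKeyTimestampException`, `JwtException`) log a fixed sentence and drop the caught exception, so the log cannot tell an expired token from a bad signature or a malformed one, and the "no tenant was provided" text is only an assumption about why `IllegalArgumentException` was thrown. Logging the exception type, for example `logger.debug("Authentication failed because token parsing failed: {}", e.getClass().getSimpleName());`, keeps that detail without writing token contents to the file; the raw header and token string should stay out of the message. All of these are rejected authentication attempts logged at DEBUG through the logger injected under `LOGGER_NAME`, so whether they are recorded at all depends on that logger's configured level, which is not visible here; INFO or WARN may be the better level if they are meant to support monitoring. The enclosing methods start and end outside the hunks shown.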
