Adding authorization logging messages.

library/src/main/java/io/mifos/anubis/config/AnubisSecurityConfigurerAdapter.java

@@ -21,6 +21,7 @@
 import io.mifos.anubis.security.IsisAuthenticatedAuthenticationProvider;
 import io.mifos.anubis.security.UrlPermissionChecker;
 import org.apache.http.HttpStatus;
+import org.slf4j.Logger;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.boot.web.servlet.FilterRegistrationBean;
@@ -42,13 +43,20 @@
 import java.util.ArrayList;
 import java.util.List;
 
+import static io.mifos.anubis.config.AnubisConstants.LOGGER_NAME;
+
 /**
  * @author Myrle Krantz
  */
 @SuppressWarnings("WeakerAccess")
 @Configuration
 @EnableWebSecurity
 public class AnubisSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
+  final private Logger logger;
+
+  public AnubisSecurityConfigurerAdapter(final @Qualifier(LOGGER_NAME) Logger logger) {
+    this.logger = logger;
+  }
 
   @PostConstruct
   public void configureSecurityContext()
@@ -83,7 +91,7 @@ public FilterRegistrationBean userContextFilter()
 
   private AccessDecisionManager defaultAccessDecisionManager() {
     final List<AccessDecisionVoter<?>> voters = new ArrayList<>();
-    voters.add(new UrlPermissionChecker());
+    voters.add(new UrlPermissionChecker(logger));
     return new UnanimousBased(voters);
   }
 

library/src/main/java/io/mifos/anubis/security/SystemAuthenticator.java

@@ -82,8 +82,10 @@ public AnubisAuthentication authenticate(
     }
     catch (final JwtException e) {
       logger.debug("token = {}", token);
+      logger.info("System token for user {}, with key timestamp {} failed to authenticate. Exception was {}", user, keyTimestamp, e);
       throw AmitAuthenticationException.invalidToken();
     } catch (final InvalidKeyTimestampException e) {
+      logger.info("System token for user {}, with key timestamp {} failed to authenticate. Exception was {}", user, keyTimestamp, e);
       throw AmitAuthenticationException.invalidTokenKeyTimestamp("system", keyTimestamp);
     }
   }

library/src/main/java/io/mifos/anubis/security/TenantAuthenticator.java

@@ -92,8 +92,10 @@ AnubisAuthentication authenticate(
       );
     }
     catch (final JwtException e) {
+      logger.info("Tenant token for user {}, with key timestamp {} failed to authenticate. Exception was {}", user, keyTimestamp, e);
       throw AmitAuthenticationException.invalidToken();
     } catch (final InvalidKeyTimestampException e) {
+      logger.info("Tenant token for user {}, with key timestamp {} failed to authenticate. Exception was {}", user, keyTimestamp, e);
       throw AmitAuthenticationException.invalidTokenKeyTimestamp("tenant", keyTimestamp);
     }
   }

library/src/main/java/io/mifos/anubis/security/UrlPermissionChecker.java

@@ -15,6 +15,7 @@
  */
 package io.mifos.anubis.security;
 
+import org.slf4j.Logger;
 import org.springframework.security.access.AccessDecisionVoter;
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.core.Authentication;
@@ -28,6 +29,12 @@
  * @author Myrle Krantz
  */
 public class UrlPermissionChecker implements AccessDecisionVoter<FilterInvocation> {
+  private final Logger logger;
+
+  public UrlPermissionChecker(final Logger logger) {
+    this.logger = logger;
+  }
+
   @Override public boolean supports(final ConfigAttribute attribute) {
     return attribute.getAttribute().equals(ApplicationPermission.URL_AUTHORITY);
   }
@@ -54,6 +61,9 @@ public class UrlPermissionChecker implements AccessDecisionVoter<FilterInvocatio
             .filter(x -> x.matches(filterInvocation, authentication.getPrincipal()))
             .findAny();
 
+    matchedPermission.ifPresent(x -> logger.debug("Authorizing access to {} based on permission: {}"
+            , filterInvocation.getRequestUrl(),  x));
+
     return matchedPermission.map(x -> ACCESS_GRANTED).orElse(ACCESS_DENIED);
   }
 }