From 4c0751c1a0be60ee69eef48f7eb4ee13c10f3ebc Mon Sep 17 00:00:00 2001 From: mposolda Date: Wed, 10 Sep 2014 15:37:52 +0200 Subject: [PATCH] KEYCLOAK-674 Reduce info level logging in adapters --- .../keycloak/adapters/KeycloakDeployment.java | 2 -- .../adapters/OAuthRequestAuthenticator.java | 16 ++++++------- .../adapters/PreAuthActionsHandler.java | 20 +++++++++++----- .../RefreshableKeycloakSecurityContext.java | 14 +++++++---- .../adapters/RequestAuthenticator.java | 23 ++++++++++++------- .../as7/AuthenticatedActionsValve.java | 2 +- .../as7/KeycloakAuthenticatorValve.java | 8 +++++-- .../adapters/jboss/KeycloakLoginModule.java | 4 ++-- .../undertow/KeycloakUndertowAccount.java | 16 ++++++++----- .../undertow/ServletRequestAuthenticator.java | 8 +++---- .../adapters/undertow/UndertowHttpFacade.java | 2 -- .../undertow/UndertowKeycloakAuthMech.java | 2 -- .../wildfly/WildflyRequestAuthenticator.java | 2 +- 13 files changed, 71 insertions(+), 48 deletions(-) diff --git a/integration/adapter-core/src/main/java/org/keycloak/adapters/KeycloakDeployment.java b/integration/adapter-core/src/main/java/org/keycloak/adapters/KeycloakDeployment.java index 1d586d110b..053dddf1f2 100755 --- a/integration/adapter-core/src/main/java/org/keycloak/adapters/KeycloakDeployment.java +++ b/integration/adapter-core/src/main/java/org/keycloak/adapters/KeycloakDeployment.java @@ -1,7 +1,6 @@ package org.keycloak.adapters; import org.apache.http.client.HttpClient; -import org.jboss.logging.Logger; import org.keycloak.ServiceUrlConstants; import org.keycloak.enums.SslRequired; import org.keycloak.util.KeycloakUriBuilder; @@ -16,7 +15,6 @@ import java.util.Map; * @version $Revision: 1 $ */ public class KeycloakDeployment { - private static final Logger log = Logger.getLogger(KeycloakDeployment.class); protected boolean relativeUrls; protected String realm; diff --git a/integration/adapter-core/src/main/java/org/keycloak/adapters/OAuthRequestAuthenticator.java b/integration/adapter-core/src/main/java/org/keycloak/adapters/OAuthRequestAuthenticator.java index a7009d2d90..3932cb0369 100755 --- a/integration/adapter-core/src/main/java/org/keycloak/adapters/OAuthRequestAuthenticator.java +++ b/integration/adapter-core/src/main/java/org/keycloak/adapters/OAuthRequestAuthenticator.java @@ -109,7 +109,7 @@ public abstract class OAuthRequestAuthenticator { protected String getRedirectUri(String state) { String url = getRequestUrl(); - log.infof("callback uri: %s", url); + log.debugf("callback uri: %s", url); if (!facade.getRequest().isSecure() && deployment.getSslRequired().isRequired(facade.getRequest().getRemoteAddr())) { int port = sslRedirectPort(); if (port < 0) { @@ -148,7 +148,7 @@ public abstract class OAuthRequestAuthenticator { exchange.getResponse().setStatus(403); return true; } - log.info("Sending redirect to login page: " + redirect); + log.debug("Sending redirect to login page: " + redirect); exchange.getResponse().setStatus(302); exchange.getResponse().setCookie(deployment.getStateCookieName(), state, /* need to set path? */ null, null, -1, deployment.getSslRequired().isRequired(facade.getRequest().getRemoteAddr()), false); exchange.getResponse().setHeader("Location", redirect); @@ -165,7 +165,7 @@ public abstract class OAuthRequestAuthenticator { return challenge(400); } // reset the cookie - log.info("** reseting application state cookie"); + log.debug("** reseting application state cookie"); facade.getResponse().resetCookie(deployment.getStateCookieName(), stateCookie.getPath()); String stateCookieValue = getCookieValue(deployment.getStateCookieName()); @@ -187,7 +187,7 @@ public abstract class OAuthRequestAuthenticator { public AuthOutcome authenticate() { String code = getCode(); if (code == null) { - log.info("there was no code"); + log.debug("there was no code"); String error = getError(); if (error != null) { // todo how do we send a response? @@ -195,13 +195,13 @@ public abstract class OAuthRequestAuthenticator { challenge = challenge(400); return AuthOutcome.FAILED; } else { - log.info("redirecting to auth server"); + log.debug("redirecting to auth server"); challenge = loginRedirect(); saveRequest(); return AuthOutcome.NOT_ATTEMPTED; } } else { - log.info("there was a code, resolving"); + log.debug("there was a code, resolving"); challenge = resolveCode(code); if (challenge != null) { return AuthOutcome.FAILED; @@ -246,7 +246,7 @@ public abstract class OAuthRequestAuthenticator { return challenge(403); } - log.info("checking state cookie for after code"); + log.debug("checking state cookie for after code"); AuthChallenge challenge = checkStateCookie(); if (challenge != null) return challenge; @@ -292,7 +292,7 @@ public abstract class OAuthRequestAuthenticator { log.error("Stale token"); return challenge(403); } - log.info("successful authenticated"); + log.debug("successful authenticated"); return null; } diff --git a/integration/adapter-core/src/main/java/org/keycloak/adapters/PreAuthActionsHandler.java b/integration/adapter-core/src/main/java/org/keycloak/adapters/PreAuthActionsHandler.java index 2834ccc367..e2aff3f141 100755 --- a/integration/adapter-core/src/main/java/org/keycloak/adapters/PreAuthActionsHandler.java +++ b/integration/adapter-core/src/main/java/org/keycloak/adapters/PreAuthActionsHandler.java @@ -113,7 +113,9 @@ public class PreAuthActionsHandler { } protected void handleLogout() { - log.info("K_LOGOUT sent"); + if (log.isTraceEnabled()) { + log.trace("K_LOGOUT sent"); + } try { JWSInput token = verifyAdminRequest(); if (token == null) { @@ -123,12 +125,12 @@ public class PreAuthActionsHandler { if (!validateAction(action)) return; String user = action.getUser(); if (user != null) { - log.info("logout of session for: " + user); + log.debug("logout of session for: " + user); userSessionManagement.logoutUser(user); } else if (action.getSession() != null) { userSessionManagement.logoutKeycloakSession(action.getSession()); } else { - log.info("logout of all sessions"); + log.debug("logout of all sessions"); if (action.getNotBefore() > deployment.getNotBefore()) { deployment.setNotBefore(action.getNotBefore()); } @@ -142,7 +144,9 @@ public class PreAuthActionsHandler { protected void handlePushNotBefore() { - log.info("K_PUSH_NOT_BEFORE sent"); + if (log.isTraceEnabled()) { + log.trace("K_PUSH_NOT_BEFORE sent"); + } try { JWSInput token = verifyAdminRequest(); if (token == null) { @@ -205,7 +209,9 @@ public class PreAuthActionsHandler { } protected void handleGetSessionStats() { - log.info("K_GET_SESSION_STATS sent"); + if (log.isTraceEnabled()) { + log.trace("K_GET_SESSION_STATS sent"); + } try { JWSInput token = verifyAdminRequest(); if (token == null) return; @@ -229,7 +235,9 @@ public class PreAuthActionsHandler { } } protected void handleGetUserStats() { - log.info("K_GET_USER_STATS sent"); + if (log.isTraceEnabled()) { + log.trace("K_GET_USER_STATS sent"); + } try { JWSInput token = verifyAdminRequest(); if (token == null) return; diff --git a/integration/adapter-core/src/main/java/org/keycloak/adapters/RefreshableKeycloakSecurityContext.java b/integration/adapter-core/src/main/java/org/keycloak/adapters/RefreshableKeycloakSecurityContext.java index bd68fb5bd1..7dfe62c722 100755 --- a/integration/adapter-core/src/main/java/org/keycloak/adapters/RefreshableKeycloakSecurityContext.java +++ b/integration/adapter-core/src/main/java/org/keycloak/adapters/RefreshableKeycloakSecurityContext.java @@ -63,11 +63,15 @@ public class RefreshableKeycloakSecurityContext extends KeycloakSecurityContext } public void refreshExpiredToken() { - log.info("checking whether to refresh."); + if (log.isTraceEnabled()) { + log.trace("checking whether to refresh."); + } if (isActive()) return; if (this.deployment == null || refreshToken == null) return; // Might be serialized in HttpSession? - log.info("Doing refresh"); + if (log.isTraceEnabled()) { + log.trace("Doing refresh"); + } AccessTokenResponse response = null; try { response = ServerRequest.invokeRefresh(deployment, refreshToken); @@ -78,12 +82,14 @@ public class RefreshableKeycloakSecurityContext extends KeycloakSecurityContext log.error("Refresh token failure status: " + httpFailure.getStatus() + " " + httpFailure.getError()); return; } - log.info("received refresh response"); + if (log.isTraceEnabled()) { + log.trace("received refresh response"); + } String tokenString = response.getToken(); AccessToken token = null; try { token = RSATokenVerifier.verifyToken(tokenString, deployment.getRealmKey(), deployment.getRealm()); - log.info("Token Verification succeeded!"); + log.debug("Token Verification succeeded!"); } catch (VerificationException e) { log.error("failed verification of token"); } diff --git a/integration/adapter-core/src/main/java/org/keycloak/adapters/RequestAuthenticator.java b/integration/adapter-core/src/main/java/org/keycloak/adapters/RequestAuthenticator.java index 9e5b6175bc..7073987c91 100755 --- a/integration/adapter-core/src/main/java/org/keycloak/adapters/RequestAuthenticator.java +++ b/integration/adapter-core/src/main/java/org/keycloak/adapters/RequestAuthenticator.java @@ -31,29 +31,36 @@ public abstract class RequestAuthenticator { } public AuthOutcome authenticate() { - log.info("--> authenticate()"); + if (log.isTraceEnabled()) { + log.trace("--> authenticate()"); + } BearerTokenRequestAuthenticator bearer = createBearerTokenAuthenticator(); - log.info("try bearer"); + if (log.isTraceEnabled()) { + log.trace("try bearer"); + } AuthOutcome outcome = bearer.authenticate(facade); if (outcome == AuthOutcome.FAILED) { challenge = bearer.getChallenge(); - log.info("Bearer FAILED"); + log.debug("Bearer FAILED"); return AuthOutcome.FAILED; } else if (outcome == AuthOutcome.AUTHENTICATED) { if (verifySSL()) return AuthOutcome.FAILED; completeAuthentication(bearer); - log.info("Bearer AUTHENTICATED"); + log.debug("Bearer AUTHENTICATED"); return AuthOutcome.AUTHENTICATED; } else if (deployment.isBearerOnly()) { challenge = bearer.getChallenge(); - log.info("NOT_ATTEMPTED: bearer only"); + log.debug("NOT_ATTEMPTED: bearer only"); return AuthOutcome.NOT_ATTEMPTED; } - log.info("try oauth"); + if (log.isTraceEnabled()) { + log.trace("try oauth"); + } + if (isCached()) { if (verifySSL()) return AuthOutcome.FAILED; - log.info("AUTHENTICATED: was cached"); + log.debug("AUTHENTICATED: was cached"); return AuthOutcome.AUTHENTICATED; } @@ -77,7 +84,7 @@ public abstract class RequestAuthenticator { facade.getResponse().setStatus(302); facade.getResponse().end(); - log.info("AUTHENTICATED"); + log.debug("AUTHENTICATED"); return AuthOutcome.AUTHENTICATED; } diff --git a/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/AuthenticatedActionsValve.java b/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/AuthenticatedActionsValve.java index b0888eba76..d23da0171d 100755 --- a/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/AuthenticatedActionsValve.java +++ b/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/AuthenticatedActionsValve.java @@ -31,7 +31,7 @@ public class AuthenticatedActionsValve extends ValveBase { public AuthenticatedActionsValve(AdapterDeploymentContext deploymentContext, Valve next, Container container, ObjectName controller) { this.deploymentContext = deploymentContext; - if (next == null) throw new RuntimeException("WTF is next null?!"); + if (next == null) throw new RuntimeException("Next valve is null!!!"); setNext(next); setContainer(container); setController(controller); diff --git a/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/KeycloakAuthenticatorValve.java b/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/KeycloakAuthenticatorValve.java index dc9ef432de..eb3975630f 100755 --- a/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/KeycloakAuthenticatorValve.java +++ b/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/KeycloakAuthenticatorValve.java @@ -123,7 +123,9 @@ public class KeycloakAuthenticatorValve extends FormAuthenticator implements Lif @Override public void invoke(Request request, Response response) throws IOException, ServletException { try { - log.info("invoke"); + if (log.isTraceEnabled()) { + log.trace("invoke"); + } CatalinaHttpFacade facade = new CatalinaHttpFacade(request, response); PreAuthActionsHandler handler = new PreAuthActionsHandler(userSessionManagement, deploymentContext, facade); if (handler.handleRequest()) { @@ -137,7 +139,9 @@ public class KeycloakAuthenticatorValve extends FormAuthenticator implements Lif @Override public boolean authenticate(Request request, HttpServletResponse response, LoginConfig config) throws IOException { - log.info("*** authenticate"); + if (log.isTraceEnabled()) { + log.trace("*** authenticate"); + } CatalinaHttpFacade facade = new CatalinaHttpFacade(request, response); KeycloakDeployment deployment = deploymentContext.resolveDeployment(facade); if (deployment == null || !deployment.isConfigured()) { diff --git a/integration/jboss-adapter-core/src/main/java/org/keycloak/adapters/jboss/KeycloakLoginModule.java b/integration/jboss-adapter-core/src/main/java/org/keycloak/adapters/jboss/KeycloakLoginModule.java index e3db8c5418..8f74f7eba0 100755 --- a/integration/jboss-adapter-core/src/main/java/org/keycloak/adapters/jboss/KeycloakLoginModule.java +++ b/integration/jboss-adapter-core/src/main/java/org/keycloak/adapters/jboss/KeycloakLoginModule.java @@ -29,7 +29,7 @@ public class KeycloakLoginModule extends AbstractServerLoginModule { @SuppressWarnings("unchecked") @Override public boolean login() throws LoginException { - log.info("KeycloakLoginModule.login()"); + log.debug("KeycloakLoginModule.login()"); if (super.login() == true) { log.info("super.login()==true"); return true; @@ -37,7 +37,7 @@ public class KeycloakLoginModule extends AbstractServerLoginModule { Object credential = getCredential(); if (credential != null && (credential instanceof KeycloakAccount)) { - log.info("Found Account"); + log.debug("Found Account"); KeycloakAccount account = (KeycloakAccount)credential; roleSet = account.getRoles(); identity = account.getPrincipal(); diff --git a/integration/undertow/src/main/java/org/keycloak/adapters/undertow/KeycloakUndertowAccount.java b/integration/undertow/src/main/java/org/keycloak/adapters/undertow/KeycloakUndertowAccount.java index bc080f9782..02680f4bc4 100755 --- a/integration/undertow/src/main/java/org/keycloak/adapters/undertow/KeycloakUndertowAccount.java +++ b/integration/undertow/src/main/java/org/keycloak/adapters/undertow/KeycloakUndertowAccount.java @@ -48,11 +48,15 @@ public class KeycloakUndertowAccount implements Account, Serializable, KeycloakA protected void setRoles(AccessToken accessToken) { Set roles = null; if (session.getDeployment().isUseResourceRoleMappings()) { - log.info("useResourceRoleMappings"); + if (log.isTraceEnabled()) { + log.trace("useResourceRoleMappings"); + } AccessToken.Access access = accessToken.getResourceAccess(session.getDeployment().getResourceName()); if (access != null) roles = access.getRoles(); } else { - log.info("use realm role mappings"); + if (log.isTraceEnabled()) { + log.trace("use realm role mappings"); + } AccessToken.Access access = accessToken.getRealmAccess(); if (access != null) roles = access.getRoles(); } @@ -88,18 +92,18 @@ public class KeycloakUndertowAccount implements Account, Serializable, KeycloakA public boolean isActive() { // this object may have been serialized, so we need to reset realm config/metadata if (session.isActive()) { - log.info("session is active"); + log.debug("session is active"); return true; } - log.info("session is not active try refresh"); + log.debug("session is not active try refresh"); session.refreshExpiredToken(); if (!session.isActive()) { - log.info("session is not active return with failure"); + log.debug("session is not active return with failure"); return false; } - log.info("refresh succeeded"); + log.debug("refresh succeeded"); setRoles(session.getToken()); return true; diff --git a/integration/undertow/src/main/java/org/keycloak/adapters/undertow/ServletRequestAuthenticator.java b/integration/undertow/src/main/java/org/keycloak/adapters/undertow/ServletRequestAuthenticator.java index cd2fef2990..a8365cd20d 100755 --- a/integration/undertow/src/main/java/org/keycloak/adapters/undertow/ServletRequestAuthenticator.java +++ b/integration/undertow/src/main/java/org/keycloak/adapters/undertow/ServletRequestAuthenticator.java @@ -49,22 +49,22 @@ public class ServletRequestAuthenticator extends UndertowRequestAuthenticator { HttpServletRequest req = (HttpServletRequest) servletRequestContext.getServletRequest(); HttpSession session = req.getSession(false); if (session == null) { - log.info("session was null, returning null"); + log.debug("session was null, returning null"); return false; } KeycloakUndertowAccount account = (KeycloakUndertowAccount)session.getAttribute(KeycloakUndertowAccount.class.getName()); if (account == null) { - log.info("Account was not in session, returning null"); + log.debug("Account was not in session, returning null"); return false; } account.setDeployment(deployment); if (account.isActive()) { - log.info("Cached account found"); + log.debug("Cached account found"); securityContext.authenticationComplete(account, "KEYCLOAK", false); propagateKeycloakContext( account); return true; } - log.info("Account was not active, returning null"); + log.debug("Account was not active, returning null"); session.setAttribute(KeycloakUndertowAccount.class.getName(), null); return false; } diff --git a/integration/undertow/src/main/java/org/keycloak/adapters/undertow/UndertowHttpFacade.java b/integration/undertow/src/main/java/org/keycloak/adapters/undertow/UndertowHttpFacade.java index 973b0c741e..54552cc802 100755 --- a/integration/undertow/src/main/java/org/keycloak/adapters/undertow/UndertowHttpFacade.java +++ b/integration/undertow/src/main/java/org/keycloak/adapters/undertow/UndertowHttpFacade.java @@ -21,7 +21,6 @@ import io.undertow.server.handlers.CookieImpl; import io.undertow.util.AttachmentKey; import io.undertow.util.Headers; import io.undertow.util.HttpString; -import org.jboss.logging.Logger; import org.keycloak.KeycloakSecurityContext; import org.keycloak.adapters.HttpFacade; import org.keycloak.util.KeycloakUriBuilder; @@ -39,7 +38,6 @@ import java.util.Map; * @version $Revision: 1 $ */ public class UndertowHttpFacade implements HttpFacade { - private static final Logger log = Logger.getLogger(UndertowHttpFacade.class); public static final AttachmentKey KEYCLOAK_SECURITY_CONTEXT_KEY = AttachmentKey.create(KeycloakSecurityContext.class); protected HttpServerExchange exchange; diff --git a/integration/undertow/src/main/java/org/keycloak/adapters/undertow/UndertowKeycloakAuthMech.java b/integration/undertow/src/main/java/org/keycloak/adapters/undertow/UndertowKeycloakAuthMech.java index a67b5e8510..e5050901ee 100755 --- a/integration/undertow/src/main/java/org/keycloak/adapters/undertow/UndertowKeycloakAuthMech.java +++ b/integration/undertow/src/main/java/org/keycloak/adapters/undertow/UndertowKeycloakAuthMech.java @@ -24,7 +24,6 @@ import io.undertow.server.HttpServerExchange; import io.undertow.server.session.Session; import io.undertow.util.AttachmentKey; import io.undertow.util.Sessions; -import org.jboss.logging.Logger; import org.keycloak.adapters.AdapterDeploymentContext; import org.keycloak.adapters.AuthChallenge; import org.keycloak.adapters.AuthOutcome; @@ -36,7 +35,6 @@ import org.keycloak.adapters.RequestAuthenticator; * @author Stan Silvert ssilvert@redhat.com (C) 2014 Red Hat Inc. */ public abstract class UndertowKeycloakAuthMech implements AuthenticationMechanism { - private static final Logger log = Logger.getLogger(UndertowKeycloakAuthMech.class); public static final AttachmentKey KEYCLOAK_CHALLENGE_ATTACHMENT_KEY = AttachmentKey.create(AuthChallenge.class); protected AdapterDeploymentContext deploymentContext; diff --git a/integration/wildfly-adapter/src/main/java/org/keycloak/adapters/wildfly/WildflyRequestAuthenticator.java b/integration/wildfly-adapter/src/main/java/org/keycloak/adapters/wildfly/WildflyRequestAuthenticator.java index 0b3563a596..bc8a6de787 100755 --- a/integration/wildfly-adapter/src/main/java/org/keycloak/adapters/wildfly/WildflyRequestAuthenticator.java +++ b/integration/wildfly-adapter/src/main/java/org/keycloak/adapters/wildfly/WildflyRequestAuthenticator.java @@ -39,7 +39,7 @@ public class WildflyRequestAuthenticator extends ServletRequestAuthenticator { protected void propagateKeycloakContext(KeycloakUndertowAccount account) { super.propagateKeycloakContext(account); SecurityInfoHelper.propagateSessionInfo(account); - log.info("propagate security context to wildfly"); + log.debug("propagate security context to wildfly"); Subject subject = new Subject(); Set principals = subject.getPrincipals(); principals.add(account.getPrincipal());