From 55bd889a0fd8455844629c9b36a427c404831c09 Mon Sep 17 00:00:00 2001 From: Stian Thorgersen Date: Wed, 27 Aug 2014 11:03:01 +0200 Subject: [PATCH] KEYCLOAK-531 Reduce info level logging --- .../java/org/keycloak/RSAVerifierTest.java | 2 - .../org/keycloak/SkeletonKeyTokenTest.java | 4 -- .../modules/MigrationFromOlderVersions.xml | 7 +++ .../undertow/KeycloakServletExtension.java | 10 ++-- .../models/utils/RepresentationToModel.java | 2 +- .../DefaultKeycloakSessionFactory.java | 6 +- .../services/managers/ApplianceBootstrap.java | 2 - .../managers/AuthenticationManager.java | 56 ++++++------------- .../services/managers/RealmManager.java | 7 --- .../managers/ResourceAdminManager.java | 20 +++---- .../services/resources/AccountService.java | 6 +- .../org/keycloak/services/resources/Cors.java | 7 +-- .../services/resources/RealmsResource.java | 2 - .../resources/RequiredActionsService.java | 16 ++---- .../services/resources/SocialResource.java | 7 +-- .../services/resources/TokenService.java | 38 ++----------- .../resources/admin/AdminConsole.java | 5 +- .../services/resources/admin/AdminRoot.java | 4 +- .../src/main/resources/log4j.properties | 3 +- .../timer/basic/BasicTimerProvider.java | 6 +- 20 files changed, 67 insertions(+), 143 deletions(-) diff --git a/core/src/test/java/org/keycloak/RSAVerifierTest.java b/core/src/test/java/org/keycloak/RSAVerifierTest.java index ac10bbf41c..5e87780457 100755 --- a/core/src/test/java/org/keycloak/RSAVerifierTest.java +++ b/core/src/test/java/org/keycloak/RSAVerifierTest.java @@ -206,7 +206,6 @@ public class RSAVerifierTest { v = verifySkeletonKeyToken(encoded); Assert.fail(); } catch (VerificationException ignored) { - System.out.println(ignored.getMessage()); } } @@ -225,7 +224,6 @@ public class RSAVerifierTest { try { v = verifySkeletonKeyToken(encoded); } catch (VerificationException ignored) { - System.out.println(ignored.getMessage()); } } diff --git a/core/src/test/java/org/keycloak/SkeletonKeyTokenTest.java b/core/src/test/java/org/keycloak/SkeletonKeyTokenTest.java index f3ed75ad63..cd948b8be5 100755 --- a/core/src/test/java/org/keycloak/SkeletonKeyTokenTest.java +++ b/core/src/test/java/org/keycloak/SkeletonKeyTokenTest.java @@ -24,8 +24,6 @@ public class SkeletonKeyTokenTest { token.addAccess("bar").addRole("user"); String json = JsonSerialization.writeValueAsString(token); - System.out.println(json); - token = JsonSerialization.readValue(json, AccessToken.class); Assert.assertEquals("111", token.getId()); AccessToken.Access foo = token.getResourceAccess("foo"); @@ -47,8 +45,6 @@ public class SkeletonKeyTokenTest { .jsonContent(token) .rsa256(keyPair.getPrivate()); - System.out.println(encoded); - JWSInput input = new JWSInput(encoded); token = input.readJsonContent(AccessToken.class); diff --git a/docbook/reference/en/en-US/modules/MigrationFromOlderVersions.xml b/docbook/reference/en/en-US/modules/MigrationFromOlderVersions.xml index ce6f3252fd..ea018955fb 100755 --- a/docbook/reference/en/en-US/modules/MigrationFromOlderVersions.xml +++ b/docbook/reference/en/en-US/modules/MigrationFromOlderVersions.xml @@ -1,5 +1,12 @@ Migration from older versions + + Migrating from 1.0 RC-1 to RC-2 + + A lot of info level logging has been changed to debug. Also, a realm no longer has the jboss-logging audit listener by default. + If you want log output when users login, logout, change passwords, etc. enable the jboss-logging audit listener through the admin console. + + Migrating from 1.0 Beta 4 to RC-1 diff --git a/integration/undertow/src/main/java/org/keycloak/adapters/undertow/KeycloakServletExtension.java b/integration/undertow/src/main/java/org/keycloak/adapters/undertow/KeycloakServletExtension.java index 9658fd64d9..4c024562e9 100755 --- a/integration/undertow/src/main/java/org/keycloak/adapters/undertow/KeycloakServletExtension.java +++ b/integration/undertow/src/main/java/org/keycloak/adapters/undertow/KeycloakServletExtension.java @@ -74,7 +74,7 @@ public class KeycloakServletExtension implements ServletExtension { if (is == null) { String path = context.getInitParameter("keycloak.config.file"); if (path == null) { - log.info("**** using /WEB-INF/keycloak.json"); + log.debug("using /WEB-INF/keycloak.json"); is = context.getResourceAsStream("/WEB-INF/keycloak.json"); } else { try { @@ -91,10 +91,10 @@ public class KeycloakServletExtension implements ServletExtension { @Override public void handleDeployment(DeploymentInfo deploymentInfo, ServletContext servletContext) { if (!isAuthenticationMechanismPresent(deploymentInfo, "KEYCLOAK")) { - log.info("auth-method is not keycloak!"); + log.debug("auth-method is not keycloak!"); return; } - log.info("KeycloakServletException initialization"); + log.debug("KeycloakServletException initialization"); InputStream is = getConfigInputStream(servletContext); KeycloakDeployment deployment = null; if (is == null) { @@ -139,14 +139,14 @@ public class KeycloakServletExtension implements ServletExtension { } }); - log.info("Setting jsession cookie path to: " + deploymentInfo.getContextPath()); + log.debug("Setting jsession cookie path to: " + deploymentInfo.getContextPath()); ServletSessionConfig cookieConfig = new ServletSessionConfig(); cookieConfig.setPath(deploymentInfo.getContextPath()); deploymentInfo.setServletSessionConfig(cookieConfig); } protected ServletKeycloakAuthMech createAuthenticationMechanism(DeploymentInfo deploymentInfo, AdapterDeploymentContext deploymentContext, UndertowUserSessionManagement userSessionManagement) { - log.info("creating ServletKeycloakAuthMech"); + log.debug("creating ServletKeycloakAuthMech"); return new ServletKeycloakAuthMech(deploymentContext, userSessionManagement, deploymentInfo.getConfidentialPortManager()); } } diff --git a/model/api/src/main/java/org/keycloak/models/utils/RepresentationToModel.java b/model/api/src/main/java/org/keycloak/models/utils/RepresentationToModel.java index b79d6c2b7f..f3f3970da7 100755 --- a/model/api/src/main/java/org/keycloak/models/utils/RepresentationToModel.java +++ b/model/api/src/main/java/org/keycloak/models/utils/RepresentationToModel.java @@ -397,7 +397,7 @@ public class RepresentationToModel { if (resourceRep.getRedirectUris() != null) { Set origins = new HashSet(); for (String redirectUri : resourceRep.getRedirectUris()) { - logger.info("add redirectUri to origin: " + redirectUri); + logger.debugv("add redirect-uri to origin: {0}", redirectUri); if (redirectUri.startsWith("http:")) { URI uri = URI.create(redirectUri); String origin = uri.getScheme() + "://" + uri.getHost(); diff --git a/services/src/main/java/org/keycloak/services/DefaultKeycloakSessionFactory.java b/services/src/main/java/org/keycloak/services/DefaultKeycloakSessionFactory.java index 5df78596fb..fbee2e92d0 100755 --- a/services/src/main/java/org/keycloak/services/DefaultKeycloakSessionFactory.java +++ b/services/src/main/java/org/keycloak/services/DefaultKeycloakSessionFactory.java @@ -38,7 +38,7 @@ public class DefaultKeycloakSessionFactory implements KeycloakSessionFactory { factories.put(factory.getId(), factory); - log.info("Loaded SPI " + spi.getName() + " (provider = " + provider + ")"); + log.debugv("Loaded SPI {0} (provider = {1})", spi.getName(), provider); } else { for (ProviderFactory factory : ServiceLoader.load(spi.getProviderFactoryClass())) { Config.Scope scope = Config.scope(spi.getName(), factory.getId()); @@ -51,9 +51,9 @@ public class DefaultKeycloakSessionFactory implements KeycloakSessionFactory { provider = factories.values().iterator().next().getId(); this.provider.put(spi.getProviderClass(), provider); - log.info("Loaded SPI " + spi.getName() + " (provider = " + provider + ")"); + log.debugv("Loaded SPI {0} (provider = {1})", spi.getName(), provider); } else { - log.info("Loaded SPI " + spi.getName() + " (providers = " + factories.keySet() + ")"); + log.debugv("Loaded SPI {0} (providers = {1})", spi.getName(), factories.keySet()); } } } diff --git a/services/src/main/java/org/keycloak/services/managers/ApplianceBootstrap.java b/services/src/main/java/org/keycloak/services/managers/ApplianceBootstrap.java index 6385c133ed..96f81344b4 100755 --- a/services/src/main/java/org/keycloak/services/managers/ApplianceBootstrap.java +++ b/services/src/main/java/org/keycloak/services/managers/ApplianceBootstrap.java @@ -60,8 +60,6 @@ public class ApplianceBootstrap { realm.setRegistrationAllowed(false); KeycloakModelUtils.generateRealmKeys(realm); - realm.setAuditListeners(Collections.singleton("jboss-logging")); - UserModel adminUser = session.users().addUser(realm, "admin"); adminUser.setEnabled(true); UserCredentialModel password = new UserCredentialModel(); diff --git a/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java b/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java index 2773989d18..75e7d8ecec 100755 --- a/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java +++ b/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java @@ -55,26 +55,19 @@ public class AuthenticationManager { public static boolean isSessionValid(RealmModel realm, UserSessionModel userSession) { if (userSession == null) { - logger.info("userSession was null"); + logger.debug("No user session"); return false; } int currentTime = Time.currentTime(); int max = userSession.getStarted() + realm.getSsoSessionMaxLifespan(); - boolean valid = userSession != null && userSession.getLastSessionRefresh() + realm.getSsoSessionIdleTimeout() > currentTime && max > currentTime; - if (!valid) { - logger.info("userSession.getLastSessionRefresh(): " + userSession.getLastSessionRefresh()); - logger.info("realm.getSsoSessionIdleTimeout(): " + realm.getSsoSessionIdleTimeout()); - logger.info("currentTime: " + currentTime); - logger.info("max: " + max); - } - return valid; + return userSession != null && userSession.getLastSessionRefresh() + realm.getSsoSessionIdleTimeout() > currentTime && max > currentTime; } public static void logout(KeycloakSession session, RealmModel realm, UserSessionModel userSession, UriInfo uriInfo, ClientConnection connection) { if (userSession == null) return; UserModel user = userSession.getUser(); - logger.infov("Logging out: {0} ({1})", user.getUsername(), userSession.getId()); + logger.debugv("Logging out: {0} ({1})", user.getUsername(), userSession.getId()); session.sessions().removeUserSession(realm, userSession); expireIdentityCookie(realm, uriInfo, connection); @@ -86,7 +79,6 @@ public class AuthenticationManager { public AccessToken createIdentityToken(RealmModel realm, UserModel user, UserSessionModel session) { - logger.info("createIdentityToken"); AccessToken token = new AccessToken(); token.id(KeycloakModelUtils.generateId()); token.issuedNow(); @@ -102,17 +94,15 @@ public class AuthenticationManager { } public void createLoginCookie(RealmModel realm, UserModel user, UserSessionModel session, UriInfo uriInfo, ClientConnection connection) { - logger.info("createLoginCookie"); String cookiePath = getIdentityCookiePath(realm, uriInfo); AccessToken identityToken = createIdentityToken(realm, user, session); String encoded = encodeToken(realm, identityToken); boolean secureOnly = realm.getSslRequired().isRequired(connection); - logger.debugv("creatingLoginCookie - name: {0} path: {1}", KEYCLOAK_IDENTITY_COOKIE, cookiePath); int maxAge = NewCookie.DEFAULT_MAX_AGE; if (session.isRememberMe()) { maxAge = realm.getSsoSessionIdleTimeout(); - logger.info("createLoginCookie maxAge: " + maxAge); } + logger.debugv("Create login cookie - name: {0}, path: {1}, max-age: {2}", KEYCLOAK_IDENTITY_COOKIE, cookiePath, maxAge); CookieHelper.addCookie(KEYCLOAK_IDENTITY_COOKIE, encoded, cookiePath, null, null, maxAge, secureOnly, true); //builder.cookie(new NewCookie(cookieName, encoded, cookiePath, null, null, maxAge, secureOnly));// todo httponly , true); @@ -171,10 +161,9 @@ public class AuthenticationManager { } public AuthResult authenticateIdentityCookie(KeycloakSession session, RealmModel realm, UriInfo uriInfo, ClientConnection connection, HttpHeaders headers, boolean checkActive) { - logger.info("authenticateIdentityCookie"); Cookie cookie = headers.getCookies().get(KEYCLOAK_IDENTITY_COOKIE); if (cookie == null || "".equals(cookie.getValue())) { - logger.infov("authenticateCookie could not find cookie: {0}", KEYCLOAK_IDENTITY_COOKIE); + logger.debugv("Could not find cookie: {0}", KEYCLOAK_IDENTITY_COOKIE); return null; } @@ -191,35 +180,31 @@ public class AuthenticationManager { protected AuthResult verifyIdentityToken(KeycloakSession session, RealmModel realm, UriInfo uriInfo, ClientConnection connection, boolean checkActive, String tokenString) { try { AccessToken token = RSATokenVerifier.verifyToken(tokenString, realm.getPublicKey(), realm.getName(), checkActive); - logger.info("identity token verified"); if (checkActive) { - logger.info("Checking if identity token is active"); if (!token.isActive() || token.getIssuedAt() < realm.getNotBefore()) { - logger.info("identity cookie expired"); + logger.debug("identity cookie expired"); return null; } else { - logger.info("token.isActive() : " + token.isActive()); - logger.info("token.issuedAt: " + token.getIssuedAt()); - logger.info("real.notbefore: " + realm.getNotBefore()); + logger.debugv("token not active - active: {0}, issued-at: {1}, not-before: {2}", token.isActive(), token.getIssuedAt(), realm.getNotBefore()); } } UserModel user = session.users().getUserById(token.getSubject(), realm); if (user == null || !user.isEnabled() ) { - logger.info("Unknown user in identity token"); + logger.debug("Unknown user in identity token"); return null; } UserSessionModel userSession = session.sessions().getUserSession(realm, token.getSessionState()); if (!isSessionValid(realm, userSession)) { if (userSession != null) logout(session, realm, userSession, uriInfo, connection); - logger.info("User session not active"); + logger.debug("User session not active"); return null; } return new AuthResult(user, userSession, token); } catch (VerificationException e) { - logger.info("Failed to verify identity token", e); + logger.debug("Failed to verify identity token", e); } return null; } @@ -227,7 +212,7 @@ public class AuthenticationManager { public AuthenticationStatus authenticateForm(KeycloakSession session, ClientConnection clientConnection, RealmModel realm, MultivaluedMap formData) { String username = formData.getFirst(FORM_USERNAME); if (username == null) { - logger.warn("Username not provided"); + logger.debug("Username not provided"); return AuthenticationStatus.INVALID_USER; } @@ -264,11 +249,11 @@ public class AuthenticationManager { UserModel user = KeycloakModelUtils.findUserByNameOrEmail(session, realm, username); if (user == null) { - logger.warn("User " + username + " not found"); + logger.debugv("User {0} not found", username); return AuthenticationStatus.INVALID_USER; } - if (!checkEnabled(user)) { + if (!user.isEnabled()) { return AuthenticationStatus.ACCOUNT_DISABLED; } @@ -282,7 +267,7 @@ public class AuthenticationManager { List credentials = new LinkedList(); String password = formData.getFirst(CredentialRepresentation.PASSWORD); if (password == null) { - logger.warn("Password not provided"); + logger.debug("Password not provided"); return AuthenticationStatus.MISSING_PASSWORD; } credentials.add(UserCredentialModel.password(password)); @@ -290,7 +275,7 @@ public class AuthenticationManager { if (user.isTotp()) { String token = formData.getFirst(CredentialRepresentation.TOTP); if (token == null) { - logger.warn("TOTP token not provided"); + logger.debug("TOTP token not provided"); return AuthenticationStatus.MISSING_TOTP; } credentials.add(UserCredentialModel.totp(token)); @@ -311,7 +296,7 @@ public class AuthenticationManager { } else if (types.contains(CredentialRepresentation.SECRET)) { String secret = formData.getFirst(CredentialRepresentation.SECRET); if (secret == null) { - logger.warn("Secret not provided"); + logger.debug("Secret not provided"); return AuthenticationStatus.MISSING_PASSWORD; } if (!session.users().validCredentials(realm, user, UserCredentialModel.secret(secret))) { @@ -328,15 +313,6 @@ public class AuthenticationManager { } } - private boolean checkEnabled(UserModel user) { - if (!user.isEnabled()) { - logger.warn("AccountProvider is disabled, contact admin. " + user.getUsername()); - return false; - } else { - return true; - } - } - public enum AuthenticationStatus { SUCCESS, ACCOUNT_TEMPORARILY_DISABLED, ACCOUNT_DISABLED, ACTIONS_REQUIRED, INVALID_USER, INVALID_CREDENTIALS, MISSING_PASSWORD, MISSING_TOTP, FAILED } diff --git a/services/src/main/java/org/keycloak/services/managers/RealmManager.java b/services/src/main/java/org/keycloak/services/managers/RealmManager.java index e599e8524c..2269c97b76 100755 --- a/services/src/main/java/org/keycloak/services/managers/RealmManager.java +++ b/services/src/main/java/org/keycloak/services/managers/RealmManager.java @@ -86,8 +86,6 @@ public class RealmManager { setupAccountManagement(realm); setupAdminConsole(realm); - realm.setAuditListeners(Collections.singleton("jboss-logging")); - return realm; } @@ -226,11 +224,6 @@ public class RealmManager { RepresentationToModel.importRealm(session, rep, realm); - - if (realm.getAuditListeners().size() == 0) { - realm.setAuditListeners(Collections.singleton("jboss-logging")); - } - // Refresh periodic sync tasks for configured federationProviders List federationProviders = realm.getUserFederationProviders(); UsersSyncManager usersSyncManager = new UsersSyncManager(); diff --git a/services/src/main/java/org/keycloak/services/managers/ResourceAdminManager.java b/services/src/main/java/org/keycloak/services/managers/ResourceAdminManager.java index a47892fd68..6b2aff8cfb 100755 --- a/services/src/main/java/org/keycloak/services/managers/ResourceAdminManager.java +++ b/services/src/main/java/org/keycloak/services/managers/ResourceAdminManager.java @@ -59,7 +59,7 @@ public class ResourceAdminManager { SessionStatsAction adminAction = new SessionStatsAction(TokenIdGenerator.generateId(), Time.currentTime() + 30, application.getName()); adminAction.setListUsers(users); String token = new TokenManager().encodeToken(realm, adminAction); - logger.infov("session stats for application: {0} url: {1}", application.getName(), managementUrl); + logger.debugv("session stats for application: {0} url: {1}", application.getName(), managementUrl); ClientRequest request = client.createRequest(UriBuilder.fromUri(managementUrl).path(AdapterConstants.K_GET_SESSION_STATS).build().toString()); ClientResponse response = null; try { @@ -90,7 +90,7 @@ public class ResourceAdminManager { response.releaseConnection(); } } else { - logger.info("no management url."); + logger.debug("no management url."); return null; } @@ -121,7 +121,7 @@ public class ResourceAdminManager { if (managementUrl != null) { UserStatsAction adminAction = new UserStatsAction(TokenIdGenerator.generateId(), Time.currentTime() + 30, application.getName(), user.getId()); String token = new TokenManager().encodeToken(realm, adminAction); - logger.infov("session stats for application: {0} url: {1}", application.getName(), managementUrl); + logger.debugv("session stats for application: {0} url: {1}", application.getName(), managementUrl); ClientRequest request = client.createRequest(UriBuilder.fromUri(managementUrl).path(AdapterConstants.K_GET_USER_STATS).build().toString()); ClientResponse response = null; try { @@ -141,7 +141,7 @@ public class ResourceAdminManager { response.releaseConnection(); } } else { - logger.info("no management url."); + logger.debug("no management url."); return null; } @@ -210,7 +210,7 @@ public class ResourceAdminManager { if (managementUrl != null) { LogoutAction adminAction = new LogoutAction(TokenIdGenerator.generateId(), Time.currentTime() + 30, resource.getName(), user, session, notBefore); String token = new TokenManager().encodeToken(realm, adminAction); - logger.infov("logout user: {0} resource: {1} url: {2}", user, resource.getName(), managementUrl); + logger.debugv("logout user: {0} resource: {1} url: {2}", user, resource.getName(), managementUrl); ClientRequest request = client.createRequest(UriBuilder.fromUri(managementUrl).path(AdapterConstants.K_LOGOUT).build().toString()); ClientResponse response; try { @@ -220,13 +220,13 @@ public class ResourceAdminManager { } try { boolean success = response.getStatus() == 204; - logger.info("logout success."); + logger.debug("logout success."); return success; } finally { response.releaseConnection(); } } else { - logger.info("Can't logout " + resource.getName() + " no mgmt url."); + logger.debugv("Can't logout {0}: no management url", resource.getName()); return false; } } @@ -260,7 +260,7 @@ public class ResourceAdminManager { if (managementUrl != null) { PushNotBeforeAction adminAction = new PushNotBeforeAction(TokenIdGenerator.generateId(), Time.currentTime() + 30, resource.getName(), notBefore); String token = new TokenManager().encodeToken(realm, adminAction); - logger.infov("pushRevocation resource: {0} url: {1}", resource.getName(), managementUrl); + logger.debugv("pushRevocation resource: {0} url: {1}", resource.getName(), managementUrl); ClientRequest request = client.createRequest(UriBuilder.fromUri(managementUrl).path(AdapterConstants.K_PUSH_NOT_BEFORE).build().toString()); ClientResponse response = null; try { @@ -271,13 +271,13 @@ public class ResourceAdminManager { try { boolean success = response.getStatus() == 204; - logger.info("pushRevocation success."); + logger.debug("pushRevocation success."); return success; } finally { response.releaseConnection(); } } else { - logger.info("no management URL for application: " + resource.getName()); + logger.debug("no management URL for application: " + resource.getName()); return false; } diff --git a/services/src/main/java/org/keycloak/services/resources/AccountService.java b/services/src/main/java/org/keycloak/services/resources/AccountService.java index 01c7765397..419e641c44 100755 --- a/services/src/main/java/org/keycloak/services/resources/AccountService.java +++ b/services/src/main/java/org/keycloak/services/resources/AccountService.java @@ -586,7 +586,7 @@ public class AccountService { if (session.users().getSocialLinks(user, realm).size() > 1 || user.getFederationLink() != null) { session.users().removeSocialLink(realm, user, providerId); - logger.debug("Social provider " + providerId + " removed successfully from user " + user.getUsername()); + logger.debugv("Social provider {0} removed successfully from user {1}", providerId, user.getUsername()); audit.event(EventType.REMOVE_SOCIAL_LINK).client(auth.getClient()).user(auth.getUser()) .detail(Details.USERNAME, link.getSocialUserId() + "@" + link.getSocialProvider()) @@ -603,9 +603,7 @@ public class AccountService { return account.setError(Messages.SOCIAL_LINK_NOT_ACTIVE).createResponse(AccountPages.SOCIAL); } default: - // Shouldn't happen - logger.warn("Action is null!"); - return null; + throw new IllegalArgumentException(); } } diff --git a/services/src/main/java/org/keycloak/services/resources/Cors.java b/services/src/main/java/org/keycloak/services/resources/Cors.java index 7689ea0d6e..b0512ff068 100755 --- a/services/src/main/java/org/keycloak/services/resources/Cors.java +++ b/services/src/main/java/org/keycloak/services/resources/Cors.java @@ -129,18 +129,17 @@ public class Cors { return builder.build(); } public void build(HttpResponse response) { - logger.info("build CORS"); String origin = request.getHttpHeaders().getRequestHeaders().getFirst(ORIGIN_HEADER); if (origin == null) { - logger.info("No origin returning"); + logger.debug("No origin returning"); return; } if (!preflight && (allowedOrigins == null || !allowedOrigins.contains(origin))) { - logger.info("!preflight and no origin"); + logger.debug("!preflight and no origin"); return; } - logger.info("build CORS headers and return"); + logger.debug("build CORS headers and return"); response.getOutputHeaders().add(ACCESS_CONTROL_ALLOW_ORIGIN, origin); if (allowedMethods != null) { diff --git a/services/src/main/java/org/keycloak/services/resources/RealmsResource.java b/services/src/main/java/org/keycloak/services/resources/RealmsResource.java index a2f13ca361..3969224f5b 100755 --- a/services/src/main/java/org/keycloak/services/resources/RealmsResource.java +++ b/services/src/main/java/org/keycloak/services/resources/RealmsResource.java @@ -92,10 +92,8 @@ public class RealmsResource { public String getLoginStatusIframe(final @PathParam("realm") String name, @QueryParam("client_id") String client_id, @QueryParam("origin") String origin) { - logger.info("getLoginStatusIframe"); AuthenticationManager auth = new AuthenticationManager(); - //logger.info("getting login-status-iframe.html for client_id: " + client_id); RealmManager realmManager = new RealmManager(session); RealmModel realm = locateRealm(name, realmManager); ClientModel client = realm.findClient(client_id); diff --git a/services/src/main/java/org/keycloak/services/resources/RequiredActionsService.java b/services/src/main/java/org/keycloak/services/resources/RequiredActionsService.java index ebff3f63d3..a468f755a0 100755 --- a/services/src/main/java/org/keycloak/services/resources/RequiredActionsService.java +++ b/services/src/main/java/org/keycloak/services/resources/RequiredActionsService.java @@ -69,6 +69,7 @@ import java.util.concurrent.TimeUnit; * @author Stian Thorgersen */ public class RequiredActionsService { + protected static final Logger logger = Logger.getLogger(RequiredActionsService.class); private RealmModel realm; @@ -180,13 +181,10 @@ public class RequiredActionsService { @POST @Consumes(MediaType.APPLICATION_FORM_URLENCODED) public Response updatePassword(final MultivaluedMap formData) { - logger.debug("updatePassword"); AccessCode accessCode = getAccessCodeEntry(RequiredAction.UPDATE_PASSWORD); if (accessCode == null) { - logger.debug("updatePassword access code is null"); return unauthorized(); } - logger.debug("updatePassword has access code"); UserModel user = getUser(accessCode); @@ -208,8 +206,6 @@ public class RequiredActionsService { return loginForms.setError(ape.getMessage()).createResponse(RequiredAction.UPDATE_PASSWORD); } - logger.debug("updatePassword updated credential"); - user.removeRequiredAction(RequiredAction.UPDATE_PASSWORD); audit.clone().event(EventType.UPDATE_PASSWORD).success(); @@ -306,7 +302,6 @@ public class RequiredActionsService { } if (user == null) { - logger.warn("Failed to send password reset email: user not found"); audit.error(Errors.USER_NOT_FOUND); } else { UserSessionModel userSession = session.sessions().createUserSession(realm, user, username, clientConnection.getRemoteAddr(), "form", false); @@ -337,19 +332,18 @@ public class RequiredActionsService { private AccessCode getAccessCodeEntry(RequiredAction requiredAction) { String code = uriInfo.getQueryParameters().getFirst(OAuth2Constants.CODE); if (code == null) { - logger.debug("getAccessCodeEntry code as not in query param"); + logger.debug("Code query param not found"); return null; } AccessCode accessCode = AccessCode.parse(code, session, realm); if (accessCode == null) { - logger.debug("getAccessCodeEntry access code entry null"); + logger.debug("Access code not found"); return null; } if (!accessCode.isValid(requiredAction)) { - logger.debugv("getAccessCodeEntry: access code id: {0}", accessCode.getCodeId()); - logger.debugv("getAccessCodeEntry access code not valid"); + logger.debugv("Invalid access code"); return null; } @@ -371,7 +365,7 @@ public class RequiredActionsService { return Flows.forms(session, realm, null, uriInfo).setAccessCode(accessCode.getCode()).setUser(user) .createResponse(requiredActions.iterator().next()); } else { - logger.debugv("redirectOauth: redirecting to: {0}", accessCode.getRedirectUri()); + logger.debugv("Redirecting to: {0}", accessCode.getRedirectUri()); accessCode.setAction(ClientSessionModel.Action.CODE_TO_TOKEN); AuthenticationManager authManager = new AuthenticationManager(); diff --git a/services/src/main/java/org/keycloak/services/resources/SocialResource.java b/services/src/main/java/org/keycloak/services/resources/SocialResource.java index 1c68403c5b..a61c60a266 100755 --- a/services/src/main/java/org/keycloak/services/resources/SocialResource.java +++ b/services/src/main/java/org/keycloak/services/resources/SocialResource.java @@ -70,7 +70,6 @@ import javax.ws.rs.core.Response; import javax.ws.rs.core.UriBuilder; import javax.ws.rs.core.UriInfo; import java.io.IOException; -import java.net.URI; import java.net.URISyntaxException; import java.util.HashMap; import java.util.List; @@ -113,7 +112,7 @@ public class SocialResource { try { initialRequest = new JWSInput(encodedState).readJsonContent(State.class); } catch (Throwable t) { - logger.warn("Invalid social callback", t); + logger.error("Invalid social callback", t); return Flows.forms(session, null, null, uriInfo).setError("Unexpected callback").createErrorPage(); } @@ -218,7 +217,7 @@ public class SocialResource { } session.users().addSocialLink(realm, authenticatedUser, socialLink); - logger.debug("Social provider " + provider.getId() + " linked with user " + authenticatedUser.getUsername()); + logger.debugv("Social provider {0} linked with user {1}", provider.getId(), authenticatedUser.getUsername()); audit.success(); return Response.status(302).location(UriBuilder.fromUri(redirectUri).build()).build(); @@ -291,13 +290,11 @@ public class SocialResource { ClientModel client = realm.findClient(clientId); if (client == null) { audit.error(Errors.CLIENT_NOT_FOUND); - logger.warn("Unknown login requester: " + clientId); return Flows.forms(session, realm, null, uriInfo).setError("Unknown login requester.").createErrorPage(); } if (!client.isEnabled()) { audit.error(Errors.CLIENT_DISABLED); - logger.warn("Login requester not enabled."); return Flows.forms(session, realm, null, uriInfo).setError("Login requester not enabled.").createErrorPage(); } redirectUri = TokenService.verifyRedirectUri(uriInfo, redirectUri, realm, client); diff --git a/services/src/main/java/org/keycloak/services/resources/TokenService.java b/services/src/main/java/org/keycloak/services/resources/TokenService.java index 9e5d039b6e..c247dc6168 100755 --- a/services/src/main/java/org/keycloak/services/resources/TokenService.java +++ b/services/src/main/java/org/keycloak/services/resources/TokenService.java @@ -420,7 +420,6 @@ public class TokenService { @Produces(MediaType.APPLICATION_JSON) public Response refreshAccessToken(final @HeaderParam(HttpHeaders.AUTHORIZATION) String authorizationHeader, final MultivaluedMap form) { - logger.info("--> refreshAccessToken"); if (!checkSsl()) { return createError("https_required", "HTTPS required", Response.Status.FORBIDDEN); } @@ -434,7 +433,6 @@ public class TokenService { error.put(OAuth2Constants.ERROR, OAuthErrorException.INVALID_REQUEST); error.put(OAuth2Constants.ERROR_DESCRIPTION, "No refresh token"); audit.error(Errors.INVALID_TOKEN); - logger.error("OAuth Error: no refresh token"); return Response.status(Response.Status.BAD_REQUEST).entity(error).type("application/json").build(); } AccessToken accessToken; @@ -445,7 +443,6 @@ public class TokenService { error.put(OAuth2Constants.ERROR, e.getError()); if (e.getDescription() != null) error.put(OAuth2Constants.ERROR_DESCRIPTION, e.getDescription()); audit.error(Errors.INVALID_TOKEN); - logger.error("OAuth Error", e); return Response.status(Response.Status.BAD_REQUEST).entity(error).type("application/json").build(); } @@ -475,13 +472,10 @@ public class TokenService { public Response processLogin(@QueryParam("client_id") final String clientId, @QueryParam("scope") final String scopeParam, @QueryParam("state") final String state, @QueryParam("redirect_uri") String redirect, final MultivaluedMap formData) { - logger.debug("TokenService.processLogin"); - String username = formData.getFirst(AuthenticationManager.FORM_USERNAME); String rememberMe = formData.getFirst("rememberMe"); boolean remember = rememberMe != null && rememberMe.equalsIgnoreCase("on"); - logger.debug("*** Remember me: " + remember); audit.event(EventType.LOGIN).client(clientId) .detail(Details.REDIRECT_URI, redirect) @@ -600,19 +594,16 @@ public class TokenService { OAuthFlows oauth = Flows.oauth(session, realm, request, uriInfo, clientConnection, authManager, tokenManager); if (!realm.isEnabled()) { - logger.warn("Realm not enabled"); audit.error(Errors.REALM_DISABLED); return oauth.forwardToSecurityFailure("Realm not enabled"); } ClientModel client = realm.findClient(clientId); if (client == null) { - logger.warn("Unknown login requester."); audit.error(Errors.CLIENT_NOT_FOUND); return oauth.forwardToSecurityFailure("Unknown login requester."); } if (!client.isEnabled()) { - logger.warn("Login requester not enabled."); audit.error(Errors.CLIENT_DISABLED); return oauth.forwardToSecurityFailure("Login requester not enabled."); } @@ -624,7 +615,6 @@ public class TokenService { } if (!realm.isRegistrationAllowed()) { - logger.warn("Registration not allowed"); audit.error(Errors.REGISTRATION_DISABLED); return oauth.forwardToSecurityFailure("Registration not allowed"); } @@ -695,7 +685,9 @@ public class TokenService { @OPTIONS @Produces("application/json") public Response accessCodeToTokenPreflight() { - logger.debugv("cors request from: {0}" , request.getHttpHeaders().getRequestHeaders().getFirst("Origin")); + if (logger.isDebugEnabled()) { + logger.debugv("cors request from: {0}", request.getHttpHeaders().getRequestHeaders().getFirst("Origin")); + } return Cors.add(request, Response.ok()).auth().preflight().build(); } @@ -712,8 +704,6 @@ public class TokenService { @POST @Produces("application/json") public Response accessCodeToToken(@HeaderParam(HttpHeaders.AUTHORIZATION) String authorizationHeader, final MultivaluedMap formData) { - logger.debug("accessRequest <---"); - if (!checkSsl()) { throw new ForbiddenException("HTTPS required"); } @@ -806,8 +796,6 @@ public class TokenService { .build(); } - logger.debug("accessRequest SUCCESS"); - AccessToken token = tokenManager.createClientAccessToken(accessCode.getRequestedRoles(), realm, client, user, userSession); try { @@ -841,7 +829,6 @@ public class TokenService { client_id = usernameSecret[0]; clientSecret = usernameSecret[1]; } else { - logger.info("no authorization header"); client_id = formData.getFirst(OAuth2Constants.CLIENT_ID); clientSecret = formData.getFirst("client_secret"); } @@ -911,8 +898,6 @@ public class TokenService { @QueryParam("redirect_uri") String redirect, final @QueryParam("client_id") String clientId, final @QueryParam("scope") String scopeParam, final @QueryParam("state") String state, final @QueryParam("prompt") String prompt, final @QueryParam("login_hint") String loginHint) { - logger.info("TokenService.loginPage"); - audit.event(EventType.LOGIN).client(clientId).detail(Details.REDIRECT_URI, redirect).detail(Details.RESPONSE_TYPE, "code"); OAuthFlows oauth = Flows.oauth(session, realm, request, uriInfo, clientConnection, authManager, tokenManager); @@ -922,19 +907,16 @@ public class TokenService { } if (!realm.isEnabled()) { - logger.warn("Realm not enabled"); audit.error(Errors.REALM_DISABLED); return oauth.forwardToSecurityFailure("Realm not enabled"); } ClientModel client = realm.findClient(clientId); if (client == null) { - logger.warn("Unknown login requester: " + clientId); audit.error(Errors.CLIENT_NOT_FOUND); return oauth.forwardToSecurityFailure("Unknown login requester."); } if (!client.isEnabled()) { - logger.warn("Login requester not enabled."); audit.error(Errors.CLIENT_DISABLED); return oauth.forwardToSecurityFailure("Login requester not enabled."); } @@ -952,13 +934,11 @@ public class TokenService { return oauth.forwardToSecurityFailure("Invalid redirect_uri."); } - logger.info("Checking cookie..."); AuthenticationManager.AuthResult authResult = authManager.authenticateIdentityCookie(session, realm, uriInfo, clientConnection, headers); if (authResult != null) { UserModel user = authResult.getUser(); UserSessionModel session = authResult.getSession(); - logger.debug(user.getUsername() + " already logged in."); audit.user(user).session(session).detail(Details.AUTH_METHOD, "sso"); return oauth.processAccessCode(scopeParam, state, redirect, client, user, session, audit); } @@ -994,8 +974,6 @@ public class TokenService { public Response registerPage(final @QueryParam("response_type") String responseType, @QueryParam("redirect_uri") String redirect, final @QueryParam("client_id") String clientId, final @QueryParam("scope") String scopeParam, final @QueryParam("state") String state) { - logger.info("**********registerPage()"); - audit.event(EventType.REGISTER).client(clientId).detail(Details.REDIRECT_URI, redirect).detail(Details.RESPONSE_TYPE, "code"); OAuthFlows oauth = Flows.oauth(session, realm, request, uriInfo, clientConnection, authManager, tokenManager); @@ -1005,19 +983,16 @@ public class TokenService { } if (!realm.isEnabled()) { - logger.warn("Realm not enabled"); audit.error(Errors.REALM_DISABLED); return oauth.forwardToSecurityFailure("Realm not enabled"); } ClientModel client = realm.findClient(clientId); if (client == null) { - logger.warn("Unknown login requester."); audit.error(Errors.CLIENT_NOT_FOUND); return oauth.forwardToSecurityFailure("Unknown login requester."); } if (!client.isEnabled()) { - logger.warn("Login requester not enabled."); audit.error(Errors.CLIENT_DISABLED); return oauth.forwardToSecurityFailure("Login requester not enabled."); } @@ -1029,7 +1004,6 @@ public class TokenService { } if (!realm.isRegistrationAllowed()) { - logger.warn("Registration not allowed"); audit.error(Errors.REGISTRATION_DISABLED); return oauth.forwardToSecurityFailure("Registration not allowed"); } @@ -1092,7 +1066,6 @@ public class TokenService { @Consumes(MediaType.APPLICATION_FORM_URLENCODED) public Response logoutToken(final @HeaderParam(HttpHeaders.AUTHORIZATION) String authorizationHeader, final MultivaluedMap form) { - logger.info("--> logoutToken"); if (!checkSsl()) { throw new NotAcceptableException("HTTPS required"); } @@ -1106,7 +1079,6 @@ public class TokenService { error.put(OAuth2Constants.ERROR, OAuthErrorException.INVALID_REQUEST); error.put(OAuth2Constants.ERROR_DESCRIPTION, "No refresh token"); audit.error(Errors.INVALID_TOKEN); - logger.error("OAuth Error: no refresh token"); return Response.status(Response.Status.BAD_REQUEST).entity(error).type("application/json").build(); } try { @@ -1120,7 +1092,6 @@ public class TokenService { error.put(OAuth2Constants.ERROR, e.getError()); if (e.getDescription() != null) error.put(OAuth2Constants.ERROR_DESCRIPTION, e.getDescription()); audit.error(Errors.INVALID_TOKEN); - logger.error("OAuth Error", e); return Response.status(Response.Status.BAD_REQUEST).entity(error).type("application/json").build(); } return Cors.add(request, Response.noContent()).auth().allowedOrigins(client).allowedMethods("POST").exposedHeaders(Cors.ACCESS_CONTROL_ALLOW_METHODS).build(); @@ -1263,13 +1234,12 @@ public class TokenService { } redirectUri = validRedirect; } else if (validRedirects.isEmpty()) { - logger.error("No Redirect URIs supplied"); + logger.debug("No Redirect URIs supplied"); redirectUri = null; } else { String r = redirectUri.indexOf('?') != -1 ? redirectUri.substring(0, redirectUri.indexOf('?')) : redirectUri; Set resolveValidRedirects = resolveValidRedirects(uriInfo, validRedirects); - boolean valid = matchesRedirects(resolveValidRedirects, r); if (!valid && r.startsWith(Constants.INSTALLED_APP_URL) && r.indexOf(':', Constants.INSTALLED_APP_URL.length()) >= 0) { diff --git a/services/src/main/java/org/keycloak/services/resources/admin/AdminConsole.java b/services/src/main/java/org/keycloak/services/resources/admin/AdminConsole.java index cce5a0bc4b..6287a311d3 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/AdminConsole.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/AdminConsole.java @@ -200,11 +200,11 @@ public class AdminConsole { throw new NotFoundException("No realm found"); boolean createRealm = false; if (realm.equals(masterRealm)) { - logger.info("setting up realm access for a master realm user"); + logger.debug("setting up realm access for a master realm user"); createRealm = user.hasRole(masterRealm.getRole(AdminRoles.CREATE_REALM)); addMasterRealmAccess(realm, user, realmAccess); } else { - logger.info("setting up realm access for a realm user"); + logger.debug("setting up realm access for a realm user"); addRealmAccess(realm, user, realmAccess); } if (realmAccess.size() == 0) { @@ -290,7 +290,6 @@ public class AdminConsole { @Path("js/keycloak.js") @Produces("text/javascript") public Response getKeycloakJs() { - //logger.info("**** -> getting console keycloak.js" + " uri: " + uriInfo.getRequestUri().toString()); InputStream inputStream = getClass().getClassLoader().getResourceAsStream("keycloak.js"); if (inputStream != null) { return Response.ok(inputStream).build(); diff --git a/services/src/main/java/org/keycloak/services/resources/admin/AdminRoot.java b/services/src/main/java/org/keycloak/services/resources/admin/AdminRoot.java index 5b3954451e..ee94a5923c 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/AdminRoot.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/AdminRoot.java @@ -179,14 +179,14 @@ public class AdminRoot { @Path("realms") public RealmsAdminResource getRealmsAdmin(@Context final HttpHeaders headers) { if (request.getHttpMethod().equalsIgnoreCase("OPTIONS")) { - logger.info("*** CORS ADMIN PREFLIGHT!!!!"); + logger.debug("Cors admin pre-flight"); Response response = Cors.add(request, Response.ok()).preflight().allowedMethods("GET", "PUT", "POST", "DELETE").auth().build(); throw new WebApplicationException(response); } AdminAuth auth = authenticateRealmAdminRequest(headers); if (auth != null) { - logger.info("authenticated admin access for: " + auth.getUser().getUsername()); + logger.debug("authenticated admin access for: " + auth.getUser().getUsername()); } Cors.add(request).allowedOrigins(auth.getToken()).allowedMethods("GET", "PUT", "POST", "DELETE").auth().build(response); diff --git a/testsuite/integration/src/main/resources/log4j.properties b/testsuite/integration/src/main/resources/log4j.properties index 050a8898b2..315b7ca2f6 100755 --- a/testsuite/integration/src/main/resources/log4j.properties +++ b/testsuite/integration/src/main/resources/log4j.properties @@ -7,4 +7,5 @@ log4j.appender.stdout.layout.ConversionPattern=%d{HH:mm:ss,SSS} %-5p [%c] %m%n log4j.logger.org.keycloak=info log4j.logger.org.xnio=off -log4j.logger.org.hibernate=info \ No newline at end of file +log4j.logger.org.hibernate=off +log4j.logger.org.jboss.resteasy=warn \ No newline at end of file diff --git a/timer/basic/src/main/java/org/keycloak/timer/basic/BasicTimerProvider.java b/timer/basic/src/main/java/org/keycloak/timer/basic/BasicTimerProvider.java index aa1a3f9e66..fbca43838f 100644 --- a/timer/basic/src/main/java/org/keycloak/timer/basic/BasicTimerProvider.java +++ b/timer/basic/src/main/java/org/keycloak/timer/basic/BasicTimerProvider.java @@ -32,11 +32,11 @@ public class BasicTimerProvider implements TimerProvider { TimerTask existingTask = factory.putTask(taskName, task); if (existingTask != null) { - logger.infof("Existing timer task '%s' found. Cancelling it", taskName); + logger.debugf("Existing timer task '%s' found. Cancelling it", taskName); existingTask.cancel(); } - logger.infof("Starting task '%s' with interval '%d'", taskName, interval); + logger.debugf("Starting task '%s' with interval '%d'", taskName, interval); timer.schedule(task, interval, interval); } @@ -44,7 +44,7 @@ public class BasicTimerProvider implements TimerProvider { public void cancelTask(String taskName) { TimerTask existingTask = factory.removeTask(taskName); if (existingTask != null) { - logger.infof("Cancelling task '%s'", taskName); + logger.debugf("Cancelling task '%s'", taskName); existingTask.cancel(); } }