KEYCLOAK-531 Reduce info level logging

2014-08-27 11:03:01 +02:00 · 2014-08-27 11:03:01 +02:00 · 55bd889a0f
commit 55bd889a0f
parent 269a0dbec1
20 changed files with 67 additions and 143 deletions
--- a/core/src/test/java/org/keycloak/RSAVerifierTest.java
+++ b/core/src/test/java/org/keycloak/RSAVerifierTest.java
@ -206,7 +206,6 @@ public class RSAVerifierTest {
            v = verifySkeletonKeyToken(encoded);
            Assert.fail();
        } catch (VerificationException ignored) {
            System.out.println(ignored.getMessage());
        }
    }
@ -225,7 +224,6 @@ public class RSAVerifierTest {
        try {
            v = verifySkeletonKeyToken(encoded);
        } catch (VerificationException ignored) {
            System.out.println(ignored.getMessage());
        }
    }
--- a/core/src/test/java/org/keycloak/SkeletonKeyTokenTest.java
+++ b/core/src/test/java/org/keycloak/SkeletonKeyTokenTest.java
@ -24,8 +24,6 @@ public class SkeletonKeyTokenTest {
        token.addAccess("bar").addRole("user");
        String json = JsonSerialization.writeValueAsString(token);
        System.out.println(json);
        token = JsonSerialization.readValue(json, AccessToken.class);
        Assert.assertEquals("111", token.getId());
        AccessToken.Access foo = token.getResourceAccess("foo");
@ -47,8 +45,6 @@ public class SkeletonKeyTokenTest {
                .jsonContent(token)
                .rsa256(keyPair.getPrivate());
        System.out.println(encoded);
        JWSInput input = new JWSInput(encoded);
        token = input.readJsonContent(AccessToken.class);
--- a/docbook/reference/en/en-US/modules/MigrationFromOlderVersions.xml
+++ b/docbook/reference/en/en-US/modules/MigrationFromOlderVersions.xml
@ -1,5 +1,12 @@
 <chapter id="Migration_from_older_versions">
    <title>Migration from older versions</title>
    <sect1>
        <title>Migrating from 1.0 RC-1 to RC-2</title>
        <itemizedlist>
            <listitem>A lot of info level logging has been changed to debug. Also, a realm no longer has the jboss-logging audit listener by default.
            If you want log output when users login, logout, change passwords, etc. enable the jboss-logging audit listener through the admin console.</listitem>
         </itemizedlist>
    </sect1>
    <sect1>
        <title>Migrating from 1.0 Beta 4 to RC-1</title>
        <itemizedlist>
--- a/integration/undertow/src/main/java/org/keycloak/adapters/undertow/KeycloakServletExtension.java
+++ b/integration/undertow/src/main/java/org/keycloak/adapters/undertow/KeycloakServletExtension.java
@ -74,7 +74,7 @@ public class KeycloakServletExtension implements ServletExtension {
        if (is == null) {
            String path = context.getInitParameter("keycloak.config.file");
            if (path == null) {
-                log.info("**** using /WEB-INF/keycloak.json");
+                log.debug("using /WEB-INF/keycloak.json");
                is = context.getResourceAsStream("/WEB-INF/keycloak.json");
            } else {
                try {
@ -91,10 +91,10 @@ public class KeycloakServletExtension implements ServletExtension {
    @Override
    public void handleDeployment(DeploymentInfo deploymentInfo, ServletContext servletContext) {
        if (!isAuthenticationMechanismPresent(deploymentInfo, "KEYCLOAK")) {
-            log.info("auth-method is not keycloak!");
+            log.debug("auth-method is not keycloak!");
            return;
        }
-        log.info("KeycloakServletException initialization");
+        log.debug("KeycloakServletException initialization");
        InputStream is = getConfigInputStream(servletContext);
        KeycloakDeployment deployment = null;
        if (is == null) {
@ -139,14 +139,14 @@ public class KeycloakServletExtension implements ServletExtension {
            }
        });
-        log.info("Setting jsession cookie path to: " + deploymentInfo.getContextPath());
+        log.debug("Setting jsession cookie path to: " + deploymentInfo.getContextPath());
        ServletSessionConfig cookieConfig = new ServletSessionConfig();
        cookieConfig.setPath(deploymentInfo.getContextPath());
        deploymentInfo.setServletSessionConfig(cookieConfig);
    }
    protected ServletKeycloakAuthMech createAuthenticationMechanism(DeploymentInfo deploymentInfo, AdapterDeploymentContext deploymentContext, UndertowUserSessionManagement userSessionManagement) {
-       log.info("creating ServletKeycloakAuthMech");
+       log.debug("creating ServletKeycloakAuthMech");
       return new ServletKeycloakAuthMech(deploymentContext, userSessionManagement, deploymentInfo.getConfidentialPortManager());
    }
 }
--- a/model/api/src/main/java/org/keycloak/models/utils/RepresentationToModel.java
+++ b/model/api/src/main/java/org/keycloak/models/utils/RepresentationToModel.java
@ -397,7 +397,7 @@ public class RepresentationToModel {
            if (resourceRep.getRedirectUris() != null) {
                Set<String> origins = new HashSet<String>();
                for (String redirectUri : resourceRep.getRedirectUris()) {
-                    logger.info("add redirectUri to origin: " + redirectUri);
+                    logger.debugv("add redirect-uri to origin: {0}", redirectUri);
                    if (redirectUri.startsWith("http:")) {
                        URI uri = URI.create(redirectUri);
                        String origin = uri.getScheme() + "://" + uri.getHost();
--- a/services/src/main/java/org/keycloak/services/DefaultKeycloakSessionFactory.java
+++ b/services/src/main/java/org/keycloak/services/DefaultKeycloakSessionFactory.java
@ -38,7 +38,7 @@ public class DefaultKeycloakSessionFactory implements KeycloakSessionFactory {
                factories.put(factory.getId(), factory);
-                log.info("Loaded SPI " + spi.getName() + " (provider = " + provider + ")");
+                log.debugv("Loaded SPI {0} (provider = {1})", spi.getName(), provider);
            } else {
                for (ProviderFactory factory : ServiceLoader.load(spi.getProviderFactoryClass())) {
                    Config.Scope scope = Config.scope(spi.getName(), factory.getId());
@ -51,9 +51,9 @@ public class DefaultKeycloakSessionFactory implements KeycloakSessionFactory {
                    provider = factories.values().iterator().next().getId();
                    this.provider.put(spi.getProviderClass(), provider);
-                    log.info("Loaded SPI " + spi.getName() + " (provider = " + provider + ")");
+                    log.debugv("Loaded SPI {0}  (provider = {1})", spi.getName(), provider);
                } else {
-                    log.info("Loaded SPI " + spi.getName() + " (providers = " + factories.keySet() + ")");
+                    log.debugv("Loaded SPI {0} (providers = {1})", spi.getName(), factories.keySet());
                }
            }
        }
--- a/services/src/main/java/org/keycloak/services/managers/ApplianceBootstrap.java
+++ b/services/src/main/java/org/keycloak/services/managers/ApplianceBootstrap.java
@ -60,8 +60,6 @@ public class ApplianceBootstrap {
        realm.setRegistrationAllowed(false);
        KeycloakModelUtils.generateRealmKeys(realm);
        realm.setAuditListeners(Collections.singleton("jboss-logging"));
        UserModel adminUser = session.users().addUser(realm, "admin");
        adminUser.setEnabled(true);
        UserCredentialModel password = new UserCredentialModel();
--- a/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
@ -55,26 +55,19 @@ public class AuthenticationManager {
    public static boolean isSessionValid(RealmModel realm, UserSessionModel userSession) {
        if (userSession == null) {
-            logger.info("userSession was null");
+            logger.debug("No user session");
            return false;
        }
        int currentTime = Time.currentTime();
        int max = userSession.getStarted() + realm.getSsoSessionMaxLifespan();
-        boolean valid = userSession != null && userSession.getLastSessionRefresh() + realm.getSsoSessionIdleTimeout() > currentTime && max > currentTime;
+        return userSession != null && userSession.getLastSessionRefresh() + realm.getSsoSessionIdleTimeout() > currentTime && max > currentTime;
        if (!valid) {
            logger.info("userSession.getLastSessionRefresh(): " + userSession.getLastSessionRefresh());
            logger.info("realm.getSsoSessionIdleTimeout(): " + realm.getSsoSessionIdleTimeout());
            logger.info("currentTime: " + currentTime);
            logger.info("max: " + max);
        }
        return valid;
    }
    public static void logout(KeycloakSession session, RealmModel realm, UserSessionModel userSession, UriInfo uriInfo, ClientConnection connection) {
        if (userSession == null) return;
        UserModel user = userSession.getUser();
-        logger.infov("Logging out: {0} ({1})", user.getUsername(), userSession.getId());
+        logger.debugv("Logging out: {0} ({1})", user.getUsername(), userSession.getId());
        session.sessions().removeUserSession(realm, userSession);
        expireIdentityCookie(realm, uriInfo, connection);
@ -86,7 +79,6 @@ public class AuthenticationManager {
    public AccessToken createIdentityToken(RealmModel realm, UserModel user, UserSessionModel session) {
        logger.info("createIdentityToken");
        AccessToken token = new AccessToken();
        token.id(KeycloakModelUtils.generateId());
        token.issuedNow();
@ -102,17 +94,15 @@ public class AuthenticationManager {
    }
    public void createLoginCookie(RealmModel realm, UserModel user, UserSessionModel session, UriInfo uriInfo, ClientConnection connection) {
        logger.info("createLoginCookie");
        String cookiePath = getIdentityCookiePath(realm, uriInfo);
        AccessToken identityToken = createIdentityToken(realm, user, session);
        String encoded = encodeToken(realm, identityToken);
        boolean secureOnly = realm.getSslRequired().isRequired(connection);
        logger.debugv("creatingLoginCookie - name: {0} path: {1}", KEYCLOAK_IDENTITY_COOKIE, cookiePath);
        int maxAge = NewCookie.DEFAULT_MAX_AGE;
        if (session.isRememberMe()) {
            maxAge = realm.getSsoSessionIdleTimeout();
            logger.info("createLoginCookie maxAge: " + maxAge);
        }
        logger.debugv("Create login cookie - name: {0}, path: {1}, max-age: {2}", KEYCLOAK_IDENTITY_COOKIE, cookiePath, maxAge);
        CookieHelper.addCookie(KEYCLOAK_IDENTITY_COOKIE, encoded, cookiePath, null, null, maxAge, secureOnly, true);
        //builder.cookie(new NewCookie(cookieName, encoded, cookiePath, null, null, maxAge, secureOnly));// todo httponly , true);
@ -171,10 +161,9 @@ public class AuthenticationManager {
    }
    public AuthResult authenticateIdentityCookie(KeycloakSession session, RealmModel realm, UriInfo uriInfo, ClientConnection connection, HttpHeaders headers, boolean checkActive) {
        logger.info("authenticateIdentityCookie");
        Cookie cookie = headers.getCookies().get(KEYCLOAK_IDENTITY_COOKIE);
        if (cookie == null || "".equals(cookie.getValue())) {
-            logger.infov("authenticateCookie could not find cookie: {0}", KEYCLOAK_IDENTITY_COOKIE);
+            logger.debugv("Could not find cookie: {0}", KEYCLOAK_IDENTITY_COOKIE);
            return null;
        }
@ -191,35 +180,31 @@ public class AuthenticationManager {
    protected AuthResult verifyIdentityToken(KeycloakSession session, RealmModel realm, UriInfo uriInfo, ClientConnection connection, boolean checkActive, String tokenString) {
        try {
            AccessToken token = RSATokenVerifier.verifyToken(tokenString, realm.getPublicKey(), realm.getName(), checkActive);
            logger.info("identity token verified");
            if (checkActive) {
                logger.info("Checking if identity token is active");
                if (!token.isActive() || token.getIssuedAt() < realm.getNotBefore()) {
-                    logger.info("identity cookie expired");
+                    logger.debug("identity cookie expired");
                    return null;
                } else {
-                    logger.info("token.isActive() : " + token.isActive());
+                    logger.debugv("token not active - active: {0}, issued-at: {1}, not-before: {2}", token.isActive(), token.getIssuedAt(), realm.getNotBefore());
                    logger.info("token.issuedAt: " + token.getIssuedAt());
                    logger.info("real.notbefore: " + realm.getNotBefore());
                }
            }
            UserModel user = session.users().getUserById(token.getSubject(), realm);
            if (user == null || !user.isEnabled() ) {
-                logger.info("Unknown user in identity token");
+                logger.debug("Unknown user in identity token");
                return null;
            }
            UserSessionModel userSession = session.sessions().getUserSession(realm, token.getSessionState());
            if (!isSessionValid(realm, userSession)) {
                if (userSession != null) logout(session, realm, userSession, uriInfo, connection);
-                logger.info("User session not active");
+                logger.debug("User session not active");
                return null;
            }
            return new AuthResult(user, userSession, token);
        } catch (VerificationException e) {
-            logger.info("Failed to verify identity token", e);
+            logger.debug("Failed to verify identity token", e);
        }
        return null;
    }
@ -227,7 +212,7 @@ public class AuthenticationManager {
    public AuthenticationStatus authenticateForm(KeycloakSession session, ClientConnection clientConnection, RealmModel realm, MultivaluedMap<String, String> formData) {
        String username = formData.getFirst(FORM_USERNAME);
        if (username == null) {
-            logger.warn("Username not provided");
+            logger.debug("Username not provided");
            return AuthenticationStatus.INVALID_USER;
        }
@ -264,11 +249,11 @@ public class AuthenticationManager {
        UserModel user = KeycloakModelUtils.findUserByNameOrEmail(session, realm, username);
        if (user == null) {
-            logger.warn("User " + username + " not found");
+            logger.debugv("User {0} not found", username);
            return AuthenticationStatus.INVALID_USER;
        }
-        if (!checkEnabled(user)) {
+        if (!user.isEnabled()) {
            return AuthenticationStatus.ACCOUNT_DISABLED;
        }
@ -282,7 +267,7 @@ public class AuthenticationManager {
            List<UserCredentialModel> credentials = new LinkedList<UserCredentialModel>();
            String password = formData.getFirst(CredentialRepresentation.PASSWORD);
            if (password == null) {
-                logger.warn("Password not provided");
+                logger.debug("Password not provided");
                return AuthenticationStatus.MISSING_PASSWORD;
            }
            credentials.add(UserCredentialModel.password(password));
@ -290,7 +275,7 @@ public class AuthenticationManager {
            if (user.isTotp()) {
                String token = formData.getFirst(CredentialRepresentation.TOTP);
                if (token == null) {
-                    logger.warn("TOTP token not provided");
+                    logger.debug("TOTP token not provided");
                    return AuthenticationStatus.MISSING_TOTP;
                }
                credentials.add(UserCredentialModel.totp(token));
@ -311,7 +296,7 @@ public class AuthenticationManager {
        } else if (types.contains(CredentialRepresentation.SECRET)) {
            String secret = formData.getFirst(CredentialRepresentation.SECRET);
            if (secret == null) {
-                logger.warn("Secret not provided");
+                logger.debug("Secret not provided");
                return AuthenticationStatus.MISSING_PASSWORD;
            }
            if (!session.users().validCredentials(realm, user, UserCredentialModel.secret(secret))) {
@ -328,15 +313,6 @@ public class AuthenticationManager {
        }
    }
    private boolean checkEnabled(UserModel user) {
        if (!user.isEnabled()) {
            logger.warn("AccountProvider is disabled, contact admin. " + user.getUsername());
            return false;
        } else {
            return true;
        }
    }
    public enum AuthenticationStatus {
        SUCCESS, ACCOUNT_TEMPORARILY_DISABLED, ACCOUNT_DISABLED, ACTIONS_REQUIRED, INVALID_USER, INVALID_CREDENTIALS, MISSING_PASSWORD, MISSING_TOTP, FAILED
    }
--- a/services/src/main/java/org/keycloak/services/managers/RealmManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/RealmManager.java
@ -86,8 +86,6 @@ public class RealmManager {
        setupAccountManagement(realm);
        setupAdminConsole(realm);
        realm.setAuditListeners(Collections.singleton("jboss-logging"));
        return realm;
    }
@ -226,11 +224,6 @@ public class RealmManager {
        RepresentationToModel.importRealm(session, rep, realm);
        if (realm.getAuditListeners().size() == 0) {
            realm.setAuditListeners(Collections.singleton("jboss-logging"));
        }
        // Refresh periodic sync tasks for configured federationProviders
        List<UserFederationProviderModel> federationProviders = realm.getUserFederationProviders();
        UsersSyncManager usersSyncManager = new UsersSyncManager();
--- a/services/src/main/java/org/keycloak/services/managers/ResourceAdminManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/ResourceAdminManager.java
@ -59,7 +59,7 @@ public class ResourceAdminManager {
            SessionStatsAction adminAction = new SessionStatsAction(TokenIdGenerator.generateId(), Time.currentTime() + 30, application.getName());
            adminAction.setListUsers(users);
            String token = new TokenManager().encodeToken(realm, adminAction);
-            logger.infov("session stats for application: {0} url: {1}", application.getName(), managementUrl);
+            logger.debugv("session stats for application: {0} url: {1}", application.getName(), managementUrl);
            ClientRequest request = client.createRequest(UriBuilder.fromUri(managementUrl).path(AdapterConstants.K_GET_SESSION_STATS).build().toString());
            ClientResponse<SessionStats> response = null;
            try {
@ -90,7 +90,7 @@ public class ResourceAdminManager {
                response.releaseConnection();
            }
        } else {
-            logger.info("no management url.");
+            logger.debug("no management url.");
            return null;
        }
@ -121,7 +121,7 @@ public class ResourceAdminManager {
        if (managementUrl != null) {
            UserStatsAction adminAction = new UserStatsAction(TokenIdGenerator.generateId(), Time.currentTime() + 30, application.getName(), user.getId());
            String token = new TokenManager().encodeToken(realm, adminAction);
-            logger.infov("session stats for application: {0} url: {1}", application.getName(), managementUrl);
+            logger.debugv("session stats for application: {0} url: {1}", application.getName(), managementUrl);
            ClientRequest request = client.createRequest(UriBuilder.fromUri(managementUrl).path(AdapterConstants.K_GET_USER_STATS).build().toString());
            ClientResponse<UserStats> response = null;
            try {
@ -141,7 +141,7 @@ public class ResourceAdminManager {
                response.releaseConnection();
            }
        } else {
-            logger.info("no management url.");
+            logger.debug("no management url.");
            return null;
        }
@ -210,7 +210,7 @@ public class ResourceAdminManager {
        if (managementUrl != null) {
            LogoutAction adminAction = new LogoutAction(TokenIdGenerator.generateId(), Time.currentTime() + 30, resource.getName(), user, session, notBefore);
            String token = new TokenManager().encodeToken(realm, adminAction);
-            logger.infov("logout user: {0} resource: {1} url: {2}", user, resource.getName(), managementUrl);
+            logger.debugv("logout user: {0} resource: {1} url: {2}", user, resource.getName(), managementUrl);
            ClientRequest request = client.createRequest(UriBuilder.fromUri(managementUrl).path(AdapterConstants.K_LOGOUT).build().toString());
            ClientResponse response;
            try {
@ -220,13 +220,13 @@ public class ResourceAdminManager {
            }
            try {
                boolean success = response.getStatus() == 204;
-                logger.info("logout success.");
+                logger.debug("logout success.");
                return success;
            } finally {
                response.releaseConnection();
            }
        } else {
-            logger.info("Can't logout " + resource.getName() + " no mgmt url.");
+            logger.debugv("Can't logout {0}: no management url", resource.getName());
            return false;
        }
    }
@ -260,7 +260,7 @@ public class ResourceAdminManager {
        if (managementUrl != null) {
            PushNotBeforeAction adminAction = new PushNotBeforeAction(TokenIdGenerator.generateId(), Time.currentTime() + 30, resource.getName(), notBefore);
            String token = new TokenManager().encodeToken(realm, adminAction);
-            logger.infov("pushRevocation resource: {0} url: {1}", resource.getName(), managementUrl);
+            logger.debugv("pushRevocation resource: {0} url: {1}", resource.getName(), managementUrl);
            ClientRequest request = client.createRequest(UriBuilder.fromUri(managementUrl).path(AdapterConstants.K_PUSH_NOT_BEFORE).build().toString());
            ClientResponse response = null;
            try {
@ -271,13 +271,13 @@ public class ResourceAdminManager {
            try {
                boolean success = response.getStatus() == 204;
-                logger.info("pushRevocation success.");
+                logger.debug("pushRevocation success.");
                return success;
            } finally {
                response.releaseConnection();
            }
        } else {
-            logger.info("no management URL for application: " + resource.getName());
+            logger.debug("no management URL for application: " + resource.getName());
            return false;
        }
--- a/services/src/main/java/org/keycloak/services/resources/AccountService.java
+++ b/services/src/main/java/org/keycloak/services/resources/AccountService.java
@ -586,7 +586,7 @@ public class AccountService {
                    if (session.users().getSocialLinks(user, realm).size() > 1 || user.getFederationLink() != null) {
                        session.users().removeSocialLink(realm, user, providerId);
-                        logger.debug("Social provider " + providerId + " removed successfully from user " + user.getUsername());
+                        logger.debugv("Social provider {0} removed successfully from user {1}", providerId, user.getUsername());
                        audit.event(EventType.REMOVE_SOCIAL_LINK).client(auth.getClient()).user(auth.getUser())
                                .detail(Details.USERNAME, link.getSocialUserId() + "@" + link.getSocialProvider())
@ -603,9 +603,7 @@ public class AccountService {
                    return account.setError(Messages.SOCIAL_LINK_NOT_ACTIVE).createResponse(AccountPages.SOCIAL);
                }
            default:
-                // Shouldn't happen
+                throw new IllegalArgumentException();
                logger.warn("Action is null!");
                return null;
        }
    }
--- a/services/src/main/java/org/keycloak/services/resources/Cors.java
+++ b/services/src/main/java/org/keycloak/services/resources/Cors.java
@ -129,18 +129,17 @@ public class Cors {
        return builder.build();
    }
    public void build(HttpResponse response) {
        logger.info("build CORS");
        String origin = request.getHttpHeaders().getRequestHeaders().getFirst(ORIGIN_HEADER);
        if (origin == null) {
-            logger.info("No origin returning");
+            logger.debug("No origin returning");
            return;
        }
        if (!preflight && (allowedOrigins == null || !allowedOrigins.contains(origin))) {
-            logger.info("!preflight and no origin");
+            logger.debug("!preflight and no origin");
            return;
        }
-        logger.info("build CORS headers and return");
+        logger.debug("build CORS headers and return");
        response.getOutputHeaders().add(ACCESS_CONTROL_ALLOW_ORIGIN, origin);
        if (allowedMethods != null) {
--- a/services/src/main/java/org/keycloak/services/resources/RealmsResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/RealmsResource.java
@ -92,10 +92,8 @@ public class RealmsResource {
    public String getLoginStatusIframe(final @PathParam("realm") String name,
                                       @QueryParam("client_id") String client_id,
                                       @QueryParam("origin") String origin) {
        logger.info("getLoginStatusIframe");
        AuthenticationManager auth = new AuthenticationManager();
        //logger.info("getting login-status-iframe.html for client_id: " + client_id);
        RealmManager realmManager = new RealmManager(session);
        RealmModel realm = locateRealm(name, realmManager);
        ClientModel client = realm.findClient(client_id);
--- a/services/src/main/java/org/keycloak/services/resources/RequiredActionsService.java
+++ b/services/src/main/java/org/keycloak/services/resources/RequiredActionsService.java
@ -69,6 +69,7 @@ import java.util.concurrent.TimeUnit;
 * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
 */
 public class RequiredActionsService {
    protected static final Logger logger = Logger.getLogger(RequiredActionsService.class);
    private RealmModel realm;
@ -180,13 +181,10 @@ public class RequiredActionsService {
    @POST
    @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
    public Response updatePassword(final MultivaluedMap<String, String> formData) {
        logger.debug("updatePassword");
        AccessCode accessCode = getAccessCodeEntry(RequiredAction.UPDATE_PASSWORD);
        if (accessCode == null) {
            logger.debug("updatePassword access code is null");
            return unauthorized();
        }
        logger.debug("updatePassword has access code");
        UserModel user = getUser(accessCode);
@ -208,8 +206,6 @@ public class RequiredActionsService {
            return loginForms.setError(ape.getMessage()).createResponse(RequiredAction.UPDATE_PASSWORD);
        }
        logger.debug("updatePassword updated credential");
        user.removeRequiredAction(RequiredAction.UPDATE_PASSWORD);
        audit.clone().event(EventType.UPDATE_PASSWORD).success();
@ -306,7 +302,6 @@ public class RequiredActionsService {
        }
        if (user == null) {
            logger.warn("Failed to send password reset email: user not found");
            audit.error(Errors.USER_NOT_FOUND);
        } else {
            UserSessionModel userSession = session.sessions().createUserSession(realm, user, username, clientConnection.getRemoteAddr(), "form", false);
@ -337,19 +332,18 @@ public class RequiredActionsService {
    private AccessCode getAccessCodeEntry(RequiredAction requiredAction) {
        String code = uriInfo.getQueryParameters().getFirst(OAuth2Constants.CODE);
        if (code == null) {
-            logger.debug("getAccessCodeEntry code as not in query param");
+            logger.debug("Code query param not found");
            return null;
        }
        AccessCode accessCode = AccessCode.parse(code, session, realm);
        if (accessCode == null) {
-            logger.debug("getAccessCodeEntry access code entry null");
+            logger.debug("Access code not found");
            return null;
        }
        if (!accessCode.isValid(requiredAction)) {
-            logger.debugv("getAccessCodeEntry: access code id: {0}", accessCode.getCodeId());
+            logger.debugv("Invalid access code");
            logger.debugv("getAccessCodeEntry access code not valid");
            return null;
        }
@ -371,7 +365,7 @@ public class RequiredActionsService {
            return Flows.forms(session, realm, null, uriInfo).setAccessCode(accessCode.getCode()).setUser(user)
                    .createResponse(requiredActions.iterator().next());
        } else {
-            logger.debugv("redirectOauth: redirecting to: {0}", accessCode.getRedirectUri());
+            logger.debugv("Redirecting to: {0}", accessCode.getRedirectUri());
            accessCode.setAction(ClientSessionModel.Action.CODE_TO_TOKEN);
            AuthenticationManager authManager = new AuthenticationManager();
--- a/services/src/main/java/org/keycloak/services/resources/SocialResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/SocialResource.java
@ -70,7 +70,6 @@ import javax.ws.rs.core.Response;
 import javax.ws.rs.core.UriBuilder;
 import javax.ws.rs.core.UriInfo;
 import java.io.IOException;
 import java.net.URI;
 import java.net.URISyntaxException;
 import java.util.HashMap;
 import java.util.List;
@ -113,7 +112,7 @@ public class SocialResource {
        try {
            initialRequest = new JWSInput(encodedState).readJsonContent(State.class);
        } catch (Throwable t) {
-            logger.warn("Invalid social callback", t);
+            logger.error("Invalid social callback", t);
            return Flows.forms(session, null, null, uriInfo).setError("Unexpected callback").createErrorPage();
        }
@ -218,7 +217,7 @@ public class SocialResource {
                }
                session.users().addSocialLink(realm, authenticatedUser, socialLink);
-                logger.debug("Social provider " + provider.getId() + " linked with user " + authenticatedUser.getUsername());
+                logger.debugv("Social provider {0} linked with user {1}", provider.getId(), authenticatedUser.getUsername());
                audit.success();
                return Response.status(302).location(UriBuilder.fromUri(redirectUri).build()).build();
@ -291,13 +290,11 @@ public class SocialResource {
        ClientModel client = realm.findClient(clientId);
        if (client == null) {
            audit.error(Errors.CLIENT_NOT_FOUND);
            logger.warn("Unknown login requester: " + clientId);
            return Flows.forms(session, realm, null, uriInfo).setError("Unknown login requester.").createErrorPage();
        }
        if (!client.isEnabled()) {
            audit.error(Errors.CLIENT_DISABLED);
            logger.warn("Login requester not enabled.");
            return Flows.forms(session, realm, null, uriInfo).setError("Login requester not enabled.").createErrorPage();
        }
        redirectUri = TokenService.verifyRedirectUri(uriInfo, redirectUri, realm, client);
--- a/services/src/main/java/org/keycloak/services/resources/TokenService.java
+++ b/services/src/main/java/org/keycloak/services/resources/TokenService.java
@ -420,7 +420,6 @@ public class TokenService {
    @Produces(MediaType.APPLICATION_JSON)
    public Response refreshAccessToken(final @HeaderParam(HttpHeaders.AUTHORIZATION) String authorizationHeader,
                                       final MultivaluedMap<String, String> form) {
        logger.info("--> refreshAccessToken");
        if (!checkSsl()) {
            return createError("https_required", "HTTPS required", Response.Status.FORBIDDEN);
        }
@ -434,7 +433,6 @@ public class TokenService {
            error.put(OAuth2Constants.ERROR, OAuthErrorException.INVALID_REQUEST);
            error.put(OAuth2Constants.ERROR_DESCRIPTION, "No refresh token");
            audit.error(Errors.INVALID_TOKEN);
            logger.error("OAuth Error: no refresh token");
            return Response.status(Response.Status.BAD_REQUEST).entity(error).type("application/json").build();
        }
        AccessToken accessToken;
@ -445,7 +443,6 @@ public class TokenService {
            error.put(OAuth2Constants.ERROR, e.getError());
            if (e.getDescription() != null) error.put(OAuth2Constants.ERROR_DESCRIPTION, e.getDescription());
            audit.error(Errors.INVALID_TOKEN);
            logger.error("OAuth Error", e);
            return Response.status(Response.Status.BAD_REQUEST).entity(error).type("application/json").build();
        }
@ -475,13 +472,10 @@ public class TokenService {
    public Response processLogin(@QueryParam("client_id") final String clientId, @QueryParam("scope") final String scopeParam,
                                 @QueryParam("state") final String state, @QueryParam("redirect_uri") String redirect,
                                 final MultivaluedMap<String, String> formData) {
        logger.debug("TokenService.processLogin");
        String username = formData.getFirst(AuthenticationManager.FORM_USERNAME);
        String rememberMe = formData.getFirst("rememberMe");
        boolean remember = rememberMe != null && rememberMe.equalsIgnoreCase("on");
        logger.debug("*** Remember me: " + remember);
        audit.event(EventType.LOGIN).client(clientId)
                .detail(Details.REDIRECT_URI, redirect)
@ -600,19 +594,16 @@ public class TokenService {
        OAuthFlows oauth = Flows.oauth(session, realm, request, uriInfo, clientConnection, authManager, tokenManager);
        if (!realm.isEnabled()) {
            logger.warn("Realm not enabled");
            audit.error(Errors.REALM_DISABLED);
            return oauth.forwardToSecurityFailure("Realm not enabled");
        }
        ClientModel client = realm.findClient(clientId);
        if (client == null) {
            logger.warn("Unknown login requester.");
            audit.error(Errors.CLIENT_NOT_FOUND);
            return oauth.forwardToSecurityFailure("Unknown login requester.");
        }
        if (!client.isEnabled()) {
            logger.warn("Login requester not enabled.");
            audit.error(Errors.CLIENT_DISABLED);
            return oauth.forwardToSecurityFailure("Login requester not enabled.");
        }
@ -624,7 +615,6 @@ public class TokenService {
        }
        if (!realm.isRegistrationAllowed()) {
            logger.warn("Registration not allowed");
            audit.error(Errors.REGISTRATION_DISABLED);
            return oauth.forwardToSecurityFailure("Registration not allowed");
        }
@ -695,7 +685,9 @@ public class TokenService {
    @OPTIONS
    @Produces("application/json")
    public Response accessCodeToTokenPreflight() {
-        logger.debugv("cors request from: {0}" , request.getHttpHeaders().getRequestHeaders().getFirst("Origin"));
+        if (logger.isDebugEnabled()) {
            logger.debugv("cors request from: {0}", request.getHttpHeaders().getRequestHeaders().getFirst("Origin"));
        }
        return Cors.add(request, Response.ok()).auth().preflight().build();
    }
@ -712,8 +704,6 @@ public class TokenService {
    @POST
    @Produces("application/json")
    public Response accessCodeToToken(@HeaderParam(HttpHeaders.AUTHORIZATION) String authorizationHeader, final MultivaluedMap<String, String> formData) {
        logger.debug("accessRequest <---");
        if (!checkSsl()) {
            throw new ForbiddenException("HTTPS required");
        }
@ -806,8 +796,6 @@ public class TokenService {
                    .build();
        }
        logger.debug("accessRequest SUCCESS");
        AccessToken token = tokenManager.createClientAccessToken(accessCode.getRequestedRoles(), realm, client, user, userSession);
        try {
@ -841,7 +829,6 @@ public class TokenService {
            client_id = usernameSecret[0];
            clientSecret = usernameSecret[1];
        } else {
            logger.info("no authorization header");
            client_id = formData.getFirst(OAuth2Constants.CLIENT_ID);
            clientSecret = formData.getFirst("client_secret");
        }
@ -911,8 +898,6 @@ public class TokenService {
                              @QueryParam("redirect_uri") String redirect, final @QueryParam("client_id") String clientId,
                              final @QueryParam("scope") String scopeParam, final @QueryParam("state") String state, final @QueryParam("prompt") String prompt,
                              final @QueryParam("login_hint") String loginHint) {
        logger.info("TokenService.loginPage");
        audit.event(EventType.LOGIN).client(clientId).detail(Details.REDIRECT_URI, redirect).detail(Details.RESPONSE_TYPE, "code");
        OAuthFlows oauth = Flows.oauth(session, realm, request, uriInfo, clientConnection, authManager, tokenManager);
@ -922,19 +907,16 @@ public class TokenService {
        }
        if (!realm.isEnabled()) {
            logger.warn("Realm not enabled");
            audit.error(Errors.REALM_DISABLED);
            return oauth.forwardToSecurityFailure("Realm not enabled");
        }
        ClientModel client = realm.findClient(clientId);
        if (client == null) {
            logger.warn("Unknown login requester: " + clientId);
            audit.error(Errors.CLIENT_NOT_FOUND);
            return oauth.forwardToSecurityFailure("Unknown login requester.");
        }
        if (!client.isEnabled()) {
            logger.warn("Login requester not enabled.");
            audit.error(Errors.CLIENT_DISABLED);
            return oauth.forwardToSecurityFailure("Login requester not enabled.");
        }
@ -952,13 +934,11 @@ public class TokenService {
            return oauth.forwardToSecurityFailure("Invalid redirect_uri.");
        }
        logger.info("Checking cookie...");
        AuthenticationManager.AuthResult authResult = authManager.authenticateIdentityCookie(session, realm, uriInfo, clientConnection, headers);
        if (authResult != null) {
            UserModel user = authResult.getUser();
            UserSessionModel session = authResult.getSession();
            logger.debug(user.getUsername() + " already logged in.");
            audit.user(user).session(session).detail(Details.AUTH_METHOD, "sso");
            return oauth.processAccessCode(scopeParam, state, redirect, client, user, session, audit);
        }
@ -994,8 +974,6 @@ public class TokenService {
    public Response registerPage(final @QueryParam("response_type") String responseType,
                                 @QueryParam("redirect_uri") String redirect, final @QueryParam("client_id") String clientId,
                                 final @QueryParam("scope") String scopeParam, final @QueryParam("state") String state) {
        logger.info("**********registerPage()");
        audit.event(EventType.REGISTER).client(clientId).detail(Details.REDIRECT_URI, redirect).detail(Details.RESPONSE_TYPE, "code");
        OAuthFlows oauth = Flows.oauth(session, realm, request, uriInfo, clientConnection, authManager, tokenManager);
@ -1005,19 +983,16 @@ public class TokenService {
        }
        if (!realm.isEnabled()) {
            logger.warn("Realm not enabled");
            audit.error(Errors.REALM_DISABLED);
            return oauth.forwardToSecurityFailure("Realm not enabled");
        }
        ClientModel client = realm.findClient(clientId);
        if (client == null) {
            logger.warn("Unknown login requester.");
            audit.error(Errors.CLIENT_NOT_FOUND);
            return oauth.forwardToSecurityFailure("Unknown login requester.");
        }
        if (!client.isEnabled()) {
            logger.warn("Login requester not enabled.");
            audit.error(Errors.CLIENT_DISABLED);
            return oauth.forwardToSecurityFailure("Login requester not enabled.");
        }
@ -1029,7 +1004,6 @@ public class TokenService {
        }
        if (!realm.isRegistrationAllowed()) {
            logger.warn("Registration not allowed");
            audit.error(Errors.REGISTRATION_DISABLED);
            return oauth.forwardToSecurityFailure("Registration not allowed");
        }
@ -1092,7 +1066,6 @@ public class TokenService {
    @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
    public Response logoutToken(final @HeaderParam(HttpHeaders.AUTHORIZATION) String authorizationHeader,
                                       final MultivaluedMap<String, String> form) {
        logger.info("--> logoutToken");
        if (!checkSsl()) {
            throw new NotAcceptableException("HTTPS required");
        }
@ -1106,7 +1079,6 @@ public class TokenService {
            error.put(OAuth2Constants.ERROR, OAuthErrorException.INVALID_REQUEST);
            error.put(OAuth2Constants.ERROR_DESCRIPTION, "No refresh token");
            audit.error(Errors.INVALID_TOKEN);
            logger.error("OAuth Error: no refresh token");
            return Response.status(Response.Status.BAD_REQUEST).entity(error).type("application/json").build();
        }
        try {
@ -1120,7 +1092,6 @@ public class TokenService {
            error.put(OAuth2Constants.ERROR, e.getError());
            if (e.getDescription() != null) error.put(OAuth2Constants.ERROR_DESCRIPTION, e.getDescription());
            audit.error(Errors.INVALID_TOKEN);
            logger.error("OAuth Error", e);
            return Response.status(Response.Status.BAD_REQUEST).entity(error).type("application/json").build();
        }
       return Cors.add(request, Response.noContent()).auth().allowedOrigins(client).allowedMethods("POST").exposedHeaders(Cors.ACCESS_CONTROL_ALLOW_METHODS).build();
@ -1263,13 +1234,12 @@ public class TokenService {
            }
            redirectUri = validRedirect;
        } else if (validRedirects.isEmpty()) {
-            logger.error("No Redirect URIs supplied");
+            logger.debug("No Redirect URIs supplied");
            redirectUri = null;
        } else {
            String r = redirectUri.indexOf('?') != -1 ? redirectUri.substring(0, redirectUri.indexOf('?')) : redirectUri;
            Set<String> resolveValidRedirects = resolveValidRedirects(uriInfo, validRedirects);
            boolean valid = matchesRedirects(resolveValidRedirects, r);
            if (!valid && r.startsWith(Constants.INSTALLED_APP_URL) && r.indexOf(':', Constants.INSTALLED_APP_URL.length()) >= 0) {
--- a/services/src/main/java/org/keycloak/services/resources/admin/AdminConsole.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/AdminConsole.java
@ -200,11 +200,11 @@ public class AdminConsole {
            throw new NotFoundException("No realm found");
        boolean createRealm = false;
        if (realm.equals(masterRealm)) {
-            logger.info("setting up realm access for a master realm user");
+            logger.debug("setting up realm access for a master realm user");
            createRealm = user.hasRole(masterRealm.getRole(AdminRoles.CREATE_REALM));
            addMasterRealmAccess(realm, user, realmAccess);
        } else {
-            logger.info("setting up realm access for a realm user");
+            logger.debug("setting up realm access for a realm user");
            addRealmAccess(realm, user, realmAccess);
        }
        if (realmAccess.size() == 0) {
@ -290,7 +290,6 @@ public class AdminConsole {
    @Path("js/keycloak.js")
    @Produces("text/javascript")
    public Response getKeycloakJs() {
        //logger.info("**** -> getting console keycloak.js" + " uri: " + uriInfo.getRequestUri().toString());
        InputStream inputStream = getClass().getClassLoader().getResourceAsStream("keycloak.js");
        if (inputStream != null) {
            return Response.ok(inputStream).build();
--- a/services/src/main/java/org/keycloak/services/resources/admin/AdminRoot.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/AdminRoot.java
@ -179,14 +179,14 @@ public class AdminRoot {
    @Path("realms")
    public RealmsAdminResource getRealmsAdmin(@Context final HttpHeaders headers) {
        if (request.getHttpMethod().equalsIgnoreCase("OPTIONS")) {
-            logger.info("*** CORS ADMIN PREFLIGHT!!!!");
+            logger.debug("Cors admin pre-flight");
            Response response = Cors.add(request, Response.ok()).preflight().allowedMethods("GET", "PUT", "POST", "DELETE").auth().build();
            throw new WebApplicationException(response);
        }
        AdminAuth auth = authenticateRealmAdminRequest(headers);
        if (auth != null) {
-            logger.info("authenticated admin access for: " + auth.getUser().getUsername());
+            logger.debug("authenticated admin access for: " + auth.getUser().getUsername());
        }
        Cors.add(request).allowedOrigins(auth.getToken()).allowedMethods("GET", "PUT", "POST", "DELETE").auth().build(response);
--- a/testsuite/integration/src/main/resources/log4j.properties
+++ b/testsuite/integration/src/main/resources/log4j.properties
@ -7,4 +7,5 @@ log4j.appender.stdout.layout.ConversionPattern=%d{HH:mm:ss,SSS} %-5p [%c] %m%n
 log4j.logger.org.keycloak=info
 log4j.logger.org.xnio=off
-log4j.logger.org.hibernate=info
+log4j.logger.org.hibernate=off
 log4j.logger.org.jboss.resteasy=warn
--- a/timer/basic/src/main/java/org/keycloak/timer/basic/BasicTimerProvider.java
+++ b/timer/basic/src/main/java/org/keycloak/timer/basic/BasicTimerProvider.java
@ -32,11 +32,11 @@ public class BasicTimerProvider implements TimerProvider {
        TimerTask existingTask = factory.putTask(taskName, task);
        if (existingTask != null) {
-            logger.infof("Existing timer task '%s' found. Cancelling it", taskName);
+            logger.debugf("Existing timer task '%s' found. Cancelling it", taskName);
            existingTask.cancel();
        }
-        logger.infof("Starting task '%s' with interval '%d'", taskName, interval);
+        logger.debugf("Starting task '%s' with interval '%d'", taskName, interval);
        timer.schedule(task, interval, interval);
    }
@ -44,7 +44,7 @@ public class BasicTimerProvider implements TimerProvider {
    public void cancelTask(String taskName) {
        TimerTask existingTask = factory.removeTask(taskName);
        if (existingTask != null) {
-            logger.infof("Cancelling task '%s'", taskName);
+            logger.debugf("Cancelling task '%s'", taskName);
            existingTask.cancel();
        }
    }