[resolve #9084] - Log more information in adapter-core module (#9086)

Co-authored-by: Stian Thorgersen <stianst@gmail.com>
2022-08-26 15:25:21 +02:00 · 2022-08-26 15:25:21 +02:00 · 5dbbc0e7bf
commit 5dbbc0e7bf
parent c968925298
3 changed files with 6 additions and 1 deletions
--- a/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/BasicAuthRequestAuthenticator.java
+++ b/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/BasicAuthRequestAuthenticator.java
@ -51,6 +51,7 @@ public class BasicAuthRequestAuthenticator extends BearerTokenRequestAuthenticat
    public AuthOutcome authenticate(HttpFacade exchange)  {
        List<String> authHeaders = exchange.getRequest().getHeaders("Authorization");
        if (authHeaders == null || authHeaders.isEmpty()) {
+            log.debug("Authorization header not present");
            challenge = challengeResponse(exchange, OIDCAuthenticationError.Reason.NO_AUTHORIZATION_HEADER, null, null);
            return AuthOutcome.NOT_ATTEMPTED;
        }
@ -64,6 +65,7 @@ public class BasicAuthRequestAuthenticator extends BearerTokenRequestAuthenticat
        }

        if (tokenString == null) {
+            log.debug("Token is not present in Authorization header");
            challenge = challengeResponse(exchange, OIDCAuthenticationError.Reason.INVALID_TOKEN, null, null);
            return AuthOutcome.NOT_ATTEMPTED;
        }
--- a/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/BearerTokenRequestAuthenticator.java
+++ b/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/BearerTokenRequestAuthenticator.java
@ -64,6 +64,7 @@ public class BearerTokenRequestAuthenticator {
    public AuthOutcome authenticate(HttpFacade exchange)  {
        List<String> authHeaders = exchange.getRequest().getHeaders("Authorization");
        if (authHeaders == null || authHeaders.isEmpty()) {
+            log.debug("Authorization header not present");
            challenge = challengeResponse(exchange, OIDCAuthenticationError.Reason.NO_BEARER_TOKEN, null, null);
            return AuthOutcome.NOT_ATTEMPTED;
        }
@ -81,6 +82,7 @@ public class BearerTokenRequestAuthenticator {
        }

        if (tokenString == null) {
+            log.debug("Token is not present in Authorization header");
            challenge = challengeResponse(exchange, OIDCAuthenticationError.Reason.NO_BEARER_TOKEN, null, null);
            return AuthOutcome.NOT_ATTEMPTED;
        }
@ -102,7 +104,7 @@ public class BearerTokenRequestAuthenticator {
        try {
            token = AdapterTokenVerifier.verifyToken(tokenString, deployment);
        } catch (VerificationException e) {
-            log.debug("Failed to verify token");
+            log.debugf("Failed to verify token: %s", e.getMessage());
            challenge = challengeResponse(exchange, OIDCAuthenticationError.Reason.INVALID_TOKEN, "invalid_token", e.getMessage());
            return AuthOutcome.FAILED;
        }
--- a/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/QueryParameterTokenRequestAuthenticator.java
+++ b/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/QueryParameterTokenRequestAuthenticator.java
@ -41,6 +41,7 @@ public class QueryParameterTokenRequestAuthenticator extends BearerTokenRequestA
        tokenString = null;
        tokenString = getAccessTokenFromQueryParameter(exchange);
        if (tokenString == null || tokenString.trim().isEmpty()) {
+            log.debug("Token is not present in query");
            challenge = challengeResponse(exchange, OIDCAuthenticationError.Reason.NO_QUERY_PARAMETER_ACCESS_TOKEN, null, null);
            return AuthOutcome.NOT_ATTEMPTED;
        }