Avoid using plain log messages in ServiceLogger (#32893)

Closes #32891

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Alexander Schwartz 2024-09-18 12:36:58 +02:00 committed by GitHub
parent 4ce40be1af
commit 8ef7007e3c
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
8 changed files with 29 additions and 28 deletions


@ -18,6 +18,7 @@
package org.keycloak.authentication.authenticators.broker;
import jakarta.ws.rs.core.MultivaluedHashMap;
import org.jboss.logging.Logger;
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.AuthenticationFlowError;
import org.keycloak.authentication.AuthenticationFlowException;
@ -45,6 +46,8 @@ import jakarta.ws.rs.core.Response;
*/
public class IdpUsernamePasswordForm extends UsernamePasswordForm {
private final static Logger log = Logger.getLogger(IdpUsernamePasswordForm.class);
@Override
protected Response challenge(AuthenticationFlowContext context, MultivaluedMap<String, String> formData) {
return setupForm(context, formData, getExistingUser(context))


@ -24,7 +24,6 @@ import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
import org.keycloak.services.ServicesLogger;
import org.keycloak.services.managers.AuthenticationManager;
import jakarta.ws.rs.core.MultivaluedHashMap;
@ -36,7 +35,6 @@ import jakarta.ws.rs.core.Response;
* @version $Revision: 1 $
*/
public class UsernamePasswordForm extends AbstractUsernameFormAuthenticator implements Authenticator {
protected static ServicesLogger log = ServicesLogger.LOGGER;
@Override
public void action(AuthenticationFlowContext context) {
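Review bot: Removing the `protected static ServicesLogger log` field from `UsernamePasswordForm` is a source-incompatible change for any subclass outside this commit that logs through the inherited field. The commit covers `IdpUsernamePasswordForm` by giving it its own logger, but extensions built against the old class are not visible here. The same applies to the protected `logger` fields dropped from `X509ClientAuthenticator`, `AbstractX509ClientCertificateAuthenticator`, `AbstractX509ClientCertificateAuthenticatorFactory` and `ValidateX509CertificateUsername`. If these classes are meant as extension points, the upgrade notes should mention the removal and the replacement, e.g. `private static final Logger log = Logger.getLogger(MyForm.class);` in the subclass. Which lines are old and which are new is inferred from the hunk counts, because the page lost its +/- markers.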


@ -1,5 +1,6 @@
package org.keycloak.authentication.authenticators.client;
import org.jboss.logging.Logger;
import org.keycloak.OAuth2Constants;
import org.keycloak.authentication.AuthenticationFlowError;
import org.keycloak.authentication.ClientAuthenticationFlowContext;
@ -8,7 +9,6 @@ import org.keycloak.models.ClientModel;
import org.keycloak.protocol.oidc.OIDCAdvancedConfigWrapper;
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.services.ServicesLogger;
import org.keycloak.services.x509.X509ClientCertificateLookup;
import javax.security.auth.x500.X500Principal;
@ -23,7 +23,6 @@ import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
@ -54,8 +53,7 @@ public class X509ClientAuthenticator extends AbstractClientAuthenticator {
CUSTOM_OIDS_REVERSED.put("E", "1.2.840.113549.1.9.1"); // Another synonym for "EMAILADDRESS"
}
protected static ServicesLogger logger = ServicesLogger.LOGGER;
private final static Logger logger = Logger.getLogger(X509ClientAuthenticator.class);
@Override
public void authenticateClient(ClientAuthenticationFlowContext context) {


@ -29,6 +29,7 @@ import jakarta.ws.rs.core.Response;
import org.apache.commons.codec.binary.Hex;
import org.jboss.logging.Logger;
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.Authenticator;
import org.keycloak.common.crypto.CryptoIntegration;
@ -43,7 +44,6 @@ import org.keycloak.models.Constants;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.services.ServicesLogger;
import org.keycloak.services.x509.X509ClientCertificateLookup;
@ -56,7 +56,6 @@ import org.keycloak.services.x509.X509ClientCertificateLookup;
public abstract class AbstractX509ClientCertificateAuthenticator implements Authenticator {
public static final String DEFAULT_ATTRIBUTE_NAME = "usercertificate";
protected static ServicesLogger logger = ServicesLogger.LOGGER;
public static final String REGULAR_EXPRESSION = "x509-cert-auth.regular-expression";
public static final String ENABLE_CRL = "x509-cert-auth.crl-checking-enabled";
@ -94,6 +93,7 @@ public abstract class AbstractX509ClientCertificateAuthenticator implements Auth
public static final String CONFIRMATION_PAGE_DISALLOWED = "x509-cert-auth.confirmation-page-disallowed";
public static final String REVALIDATE_CERTIFICATE = "x509-cert-auth.revalidate-certificate-enabled";
private final static Logger logger = Logger.getLogger(AbstractX509ClientCertificateAuthenticator.class);;
protected Response createInfoResponse(AuthenticationFlowContext context, String infoMessage, Object ... parameters) {
LoginFormsProvider form = context.form();
@ -139,16 +139,16 @@ public abstract class AbstractX509ClientCertificateAuthenticator implements Auth
private static final Function<X509Certificate[],Principal> subject = certs -> {
return certs[0].getSubjectX500Principal();
};
private static Function<X509Certificate[], String> getSerialnumberFunc(X509AuthenticatorConfigModel config) {
return config.isSerialnumberHex() ?
certs -> Hex.encodeHexString(certs[0].getSerialNumber().toByteArray()) :
return config.isSerialnumberHex() ?
certs -> Hex.encodeHexString(certs[0].getSerialNumber().toByteArray()) :
certs -> certs[0].getSerialNumber().toString();
}
private static Function<X509Certificate[], String> getIssuerDNFunc(X509AuthenticatorConfigModel config) {
return config.isCanonicalDnEnabled() ?
certs -> certs[0].getIssuerX500Principal().getName(X500Principal.CANONICAL) :
return config.isCanonicalDnEnabled() ?
certs -> certs[0].getIssuerX500Principal().getName(X500Principal.CANONICAL) :
certs -> certs[0].getIssuerDN().toString();
}
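Review bot: The logger declaration added to `AbstractX509ClientCertificateAuthenticator` ends in a doubled semicolon (`...Authenticator.class);;`), which compiles as an empty declaration but reads as a typo. It should be `private static final Logger logger = Logger.getLogger(AbstractX509ClientCertificateAuthenticator.class);`. It also sits after the `REVALIDATE_CERTIFICATE` constant rather than where the removed field stood near the top of the class, so moving it up would keep the configuration-key constants contiguous. The last hunk in this section appears to be whitespace-only, and its function bodies continue outside the lines shown.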


@ -28,7 +28,6 @@ import org.keycloak.Config;
import org.keycloak.authentication.AuthenticatorFactory;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.services.ServicesLogger;
import static org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator.*;
import static org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator.CERTIFICATE_KEY_USAGE;
@ -67,8 +66,6 @@ import static org.keycloak.provider.ProviderConfigProperty.TEXT_TYPE;
public abstract class AbstractX509ClientCertificateAuthenticatorFactory implements AuthenticatorFactory {
protected static ServicesLogger logger = ServicesLogger.LOGGER;
private static final String[] mappingSources = {
MAPPING_SOURCE_CERT_SUBJECTDN,
MAPPING_SOURCE_CERT_SUBJECTDN_EMAIL,
@ -118,7 +115,7 @@ public abstract class AbstractX509ClientCertificateAuthenticatorFactory implemen
serialnumberHex.setDefaultValue(Boolean.toString(false));
serialnumberHex.setHelpText("Use the hex representation of the serial number. This option is relevant for authenticators using serial number.");
ProviderConfigProperty regExp = new ProviderConfigProperty();
regExp.setType(STRING_TYPE);
regExp.setName(REGULAR_EXPRESSION);


@ -66,13 +66,13 @@ import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.util.EntityUtils;
import org.jboss.logging.Logger;
import org.keycloak.common.crypto.CryptoIntegration;
import org.keycloak.common.util.PemUtils;
import org.keycloak.common.util.Time;
import org.keycloak.connections.httpclient.HttpClientProvider;
import org.keycloak.models.Constants;
import org.keycloak.models.KeycloakSession;
import org.keycloak.services.ServicesLogger;
import org.keycloak.truststore.TruststoreProvider;
import org.keycloak.utils.CRLUtils;
import org.keycloak.utils.OCSPProvider;
@ -85,7 +85,7 @@ import org.keycloak.utils.OCSPProvider;
public class CertificateValidator {
private static final ServicesLogger logger = ServicesLogger.LOGGER;
private final static Logger logger = Logger.getLogger(CertificateValidator.class);
enum KeyUsageBits {
DIGITAL_SIGNATURE(0, "digitalSignature"),


@ -22,6 +22,7 @@ import java.security.cert.X509Certificate;
import jakarta.ws.rs.core.Response;
import org.jboss.logging.Logger;
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.AuthenticationFlowError;
import org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator;
@ -41,7 +42,7 @@ import static org.keycloak.authentication.authenticators.util.AuthenticatorUtils
public class ValidateX509CertificateUsername extends AbstractX509ClientCertificateDirectGrantAuthenticator {
protected static ServicesLogger logger = ServicesLogger.LOGGER;
private final static Logger logger = Logger.getLogger(ValidateX509CertificateUsername.class);
@Override
public void authenticate(AuthenticationFlowContext context) {
@ -104,7 +105,7 @@ public class ValidateX509CertificateUsername extends AbstractX509ClientCertifica
user = getUserIdentityToModelMapper(config).find(context, userIdentity);
}
catch(ModelDuplicateException e) {
logger.modelDuplicateException(e);
ServicesLogger.LOGGER.modelDuplicateException(e);
String errorMessage = String.format("X509 certificate authentication's failed. Reason: \"%s\"", e.getMessage());
Response challengeResponse = errorResponse(Response.Status.UNAUTHORIZED.getStatusCode(), "invalid_request", errorMessage);
context.failure(AuthenticationFlowError.INVALID_USER, challengeResponse);
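Review bot: The error response built right after the changed logging call in `ValidateX509CertificateUsername` still sends `e.getMessage()` from the `ModelDuplicateException` back to the caller. What that message contains is not visible here, but it comes from the model layer and reaches a client that has not authenticated yet. The browser authenticator in this same commit answers the identical case with a fixed string. Since the exception is already recorded through `ServicesLogger.LOGGER.modelDuplicateException(e)`, the response could use the same constant: `String errorMessage = "X509 certificate authentication's failed.";`. The enclosing `authenticate` method starts and ends outside this hunk.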


@ -27,6 +27,7 @@ import jakarta.ws.rs.core.MultivaluedHashMap;
import jakarta.ws.rs.core.MultivaluedMap;
import jakarta.ws.rs.core.Response;
import org.jboss.logging.Logger;
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator;
import org.keycloak.events.Details;
@ -35,6 +36,7 @@ import org.keycloak.forms.login.LoginFormsProvider;
import org.keycloak.models.ModelDuplicateException;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.FormMessage;
import org.keycloak.services.ServicesLogger;
import static org.keycloak.authentication.authenticators.util.AuthenticatorUtils.getDisabledByBruteForceEventError;
@ -45,6 +47,8 @@ import static org.keycloak.authentication.authenticators.util.AuthenticatorUtils
*/
public class X509ClientCertificateAuthenticator extends AbstractX509ClientCertificateAuthenticator {
private final static Logger logger = Logger.getLogger(X509ClientCertificateAuthenticator.class);
@Override
public void close() {
@ -61,7 +65,7 @@ public class X509ClientCertificateAuthenticator extends AbstractX509ClientCertif
if (certs == null || certs.length == 0) {
// No x509 client cert, fall through and
// continue processing the rest of the authentication flow
logger.debug("[X509ClientCertificateAuthenticator:authenticate] x509 client certificate is not available for mutual SSL.");
logger.debug("[authenticate] x509 client certificate is not available for mutual SSL.");
context.attempted();
return;
}
@ -74,7 +78,7 @@ public class X509ClientCertificateAuthenticator extends AbstractX509ClientCertif
config = new X509AuthenticatorConfigModel(context.getAuthenticatorConfig());
}
if (config == null) {
logger.warn("[X509ClientCertificateAuthenticator:authenticate] x509 Client Certificate Authentication configuration is not available.");
logger.warn("[authenticate] x509 Client Certificate Authentication configuration is not available.");
context.challenge(createInfoResponse(context, "X509 client authentication has not been configured yet"));
context.attempted();
return;
@ -104,7 +108,7 @@ public class X509ClientCertificateAuthenticator extends AbstractX509ClientCertif
Object userIdentity = getUserIdentityExtractor(config).extractUserIdentity(certs);
if (userIdentity == null) {
context.getEvent().error(Errors.INVALID_USER_CREDENTIALS);
logger.warnf("[X509ClientCertificateAuthenticator:authenticate] Unable to extract user identity from certificate.");
logger.warnf("[authenticate] Unable to extract user identity from certificate.");
// TODO use specific locale to load error messages
String errorMessage = "Unable to extract user identity from specified certificate";
// TODO is calling form().setErrors enough to show errors on login screen?
@ -120,7 +124,7 @@ public class X509ClientCertificateAuthenticator extends AbstractX509ClientCertif
user = getUserIdentityToModelMapper(config).find(context, userIdentity);
}
catch(ModelDuplicateException e) {
logger.modelDuplicateException(e);
ServicesLogger.LOGGER.modelDuplicateException(e);
String errorMessage = "X509 certificate authentication's failed.";
// TODO is calling form().setErrors enough to show errors on login screen?
context.challenge(createErrorResponse(context, certs[0].getSubjectDN().getName(),
@ -179,7 +183,7 @@ public class X509ClientCertificateAuthenticator extends AbstractX509ClientCertif
}
}
catch(Exception e) {
logger.errorf("[X509ClientCertificateAuthenticator:authenticate] Exception: %s", e.getMessage());
logger.errorf(e, "[authenticate] Exception: %s", e.getMessage());
context.attempted();
}
}
@ -234,7 +238,7 @@ public class X509ClientCertificateAuthenticator extends AbstractX509ClientCertif
Map<String, Object> attributeNames = context.getSession().getAttributes();
for (String name : attributeNames.keySet()) {
logger.tracef("[X509ClientCertificateAuthenticator:dumpContainerAttributes] \"%s\"", name);
logger.tracef("[dumpContainerAttributes] \"%s\"", name);
}
}
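Review bot: The renamed messages in `X509ClientCertificateAuthenticator` (`[authenticate] ...`, `[dumpContainerAttributes] ...`) no longer carry the class name, so log searches, alerts or per-category level settings keyed on the old `[X509ClientCertificateAuthenticator:authenticate]` text will stop matching after this change. The class is now identifiable only through the logger category, which presumably also moves from the shared `ServicesLogger` category to the class name; that category is not shown on this page. This deserves a line in the release notes, because these lines record failed and skipped certificate logins and are likely inputs to monitoring. Separately, `logger.warnf("[authenticate] Unable to extract user identity from certificate.")` passes no format arguments and could be `logger.warn(...)` like the calls next to it. The `authenticate` method body extends beyond the hunks shown.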