diff --git a/services/src/main/java/org/keycloak/authentication/authenticators/broker/IdpUsernamePasswordForm.java b/services/src/main/java/org/keycloak/authentication/authenticators/broker/IdpUsernamePasswordForm.java index df8dac57d5..4828245203 100755 --- a/services/src/main/java/org/keycloak/authentication/authenticators/broker/IdpUsernamePasswordForm.java +++ b/services/src/main/java/org/keycloak/authentication/authenticators/broker/IdpUsernamePasswordForm.java @@ -18,6 +18,7 @@ package org.keycloak.authentication.authenticators.broker; import jakarta.ws.rs.core.MultivaluedHashMap; +import org.jboss.logging.Logger; import org.keycloak.authentication.AuthenticationFlowContext; import org.keycloak.authentication.AuthenticationFlowError; import org.keycloak.authentication.AuthenticationFlowException; @@ -45,6 +46,8 @@ import jakarta.ws.rs.core.Response; */ public class IdpUsernamePasswordForm extends UsernamePasswordForm { + private final static Logger log = Logger.getLogger(IdpUsernamePasswordForm.class); + @Override protected Response challenge(AuthenticationFlowContext context, MultivaluedMap formData) { return setupForm(context, formData, getExistingUser(context)) diff --git a/services/src/main/java/org/keycloak/authentication/authenticators/browser/UsernamePasswordForm.java b/services/src/main/java/org/keycloak/authentication/authenticators/browser/UsernamePasswordForm.java index e554a88710..ffb916e90c 100755 --- a/services/src/main/java/org/keycloak/authentication/authenticators/browser/UsernamePasswordForm.java +++ b/services/src/main/java/org/keycloak/authentication/authenticators/browser/UsernamePasswordForm.java @@ -24,7 +24,6 @@ import org.keycloak.models.KeycloakSession; import org.keycloak.models.RealmModel; import org.keycloak.models.UserModel; import org.keycloak.protocol.oidc.OIDCLoginProtocol; -import org.keycloak.services.ServicesLogger; import org.keycloak.services.managers.AuthenticationManager; import jakarta.ws.rs.core.MultivaluedHashMap; 
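Review bot: The `log` field added to `IdpUsernamePasswordForm` stands in for the inherited `protected static ServicesLogger log` that this commit deletes from `UsernamePasswordForm`, but only for this one subclass. Any other subclass of `UsernamePasswordForm` that still references `log`, such as a custom authenticator built on it, will stop compiling. If the removal is intended, it deserves a line in the upgrade notes. The declaration would read more conventionally as `private static final Logger log = Logger.getLogger(IdpUsernamePasswordForm.class);`, and the same `private final static` order recurs in the logger fields added to the X509 authenticators and `CertificateValidator` further down. Whether `log` is used in this class at all is not visible in the hunk.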
@@ -36,7 +35,6 @@ import jakarta.ws.rs.core.Response; * @version $Revision: 1 $ */ public class UsernamePasswordForm extends AbstractUsernameFormAuthenticator implements Authenticator { - protected static ServicesLogger log = ServicesLogger.LOGGER; @Override public void action(AuthenticationFlowContext context) { diff --git a/services/src/main/java/org/keycloak/authentication/authenticators/client/X509ClientAuthenticator.java b/services/src/main/java/org/keycloak/authentication/authenticators/client/X509ClientAuthenticator.java index 10382ad103..bec2495a3a 100644 --- a/services/src/main/java/org/keycloak/authentication/authenticators/client/X509ClientAuthenticator.java +++ b/services/src/main/java/org/keycloak/authentication/authenticators/client/X509ClientAuthenticator.java @@ -1,5 +1,6 @@ package org.keycloak.authentication.authenticators.client; +import org.jboss.logging.Logger; import org.keycloak.OAuth2Constants; import org.keycloak.authentication.AuthenticationFlowError; import org.keycloak.authentication.ClientAuthenticationFlowContext; @@ -8,7 +9,6 @@ import org.keycloak.models.ClientModel; import org.keycloak.protocol.oidc.OIDCAdvancedConfigWrapper; import org.keycloak.protocol.oidc.OIDCLoginProtocol; import org.keycloak.provider.ProviderConfigProperty; -import org.keycloak.services.ServicesLogger; import org.keycloak.services.x509.X509ClientCertificateLookup; import javax.security.auth.x500.X500Principal; @@ -23,7 +23,6 @@ import java.util.HashMap; import java.util.HashSet; import java.util.List; import java.util.Map; -import java.util.Optional; import java.util.Set; import java.util.regex.Pattern; import java.util.stream.Collectors; 
@@ -54,8 +53,7 @@ public class X509ClientAuthenticator extends AbstractClientAuthenticator { CUSTOM_OIDS_REVERSED.put("E", "1.2.840.113549.1.9.1"); // Another synonym for "EMAILADDRESS" } - protected static ServicesLogger logger = ServicesLogger.LOGGER; - + private final static Logger logger = Logger.getLogger(X509ClientAuthenticator.class); @Override public void authenticateClient(ClientAuthenticationFlowContext context) { diff --git a/services/src/main/java/org/keycloak/authentication/authenticators/x509/AbstractX509ClientCertificateAuthenticator.java b/services/src/main/java/org/keycloak/authentication/authenticators/x509/AbstractX509ClientCertificateAuthenticator.java index 587b6fac88..a8bc72f3ea 100644 --- a/services/src/main/java/org/keycloak/authentication/authenticators/x509/AbstractX509ClientCertificateAuthenticator.java +++ b/services/src/main/java/org/keycloak/authentication/authenticators/x509/AbstractX509ClientCertificateAuthenticator.java @@ -29,6 +29,7 @@ import jakarta.ws.rs.core.Response; import org.apache.commons.codec.binary.Hex; +import org.jboss.logging.Logger; import org.keycloak.authentication.AuthenticationFlowContext; import org.keycloak.authentication.Authenticator; import org.keycloak.common.crypto.CryptoIntegration; @@ -43,7 +44,6 @@ import org.keycloak.models.Constants; import org.keycloak.models.KeycloakSession; import org.keycloak.models.RealmModel; import org.keycloak.models.UserModel; -import org.keycloak.services.ServicesLogger; import org.keycloak.services.x509.X509ClientCertificateLookup; 
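Review bot: Replacing `ServicesLogger.LOGGER` with `Logger.getLogger(X509ClientAuthenticator.class)` moves every message from this class to a new logger category, presumably from the shared services category to the class name. Log-level configuration and any alerting or SIEM filters keyed on the old category would then stop matching client-certificate authentication messages without any error. The same applies to the replaced loggers in `AbstractX509ClientCertificateAuthenticator`, `CertificateValidator`, `ValidateX509CertificateUsername` and `X509ClientCertificateAuthenticator`, so a release-note entry listing the new categories would help operators update their filters. The field also narrows from `protected` to `private`, which breaks any subclass that used the inherited `logger`.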
@@ -56,7 +56,6 @@ import org.keycloak.services.x509.X509ClientCertificateLookup; public abstract class AbstractX509ClientCertificateAuthenticator implements Authenticator { public static final String DEFAULT_ATTRIBUTE_NAME = "usercertificate"; - protected static ServicesLogger logger = ServicesLogger.LOGGER; public static final String REGULAR_EXPRESSION = "x509-cert-auth.regular-expression"; public static final String ENABLE_CRL = "x509-cert-auth.crl-checking-enabled"; @@ -94,6 +93,7 @@ public abstract class AbstractX509ClientCertificateAuthenticator implements Auth public static final String CONFIRMATION_PAGE_DISALLOWED = "x509-cert-auth.confirmation-page-disallowed"; public static final String REVALIDATE_CERTIFICATE = "x509-cert-auth.revalidate-certificate-enabled"; + private final static Logger logger = Logger.getLogger(AbstractX509ClientCertificateAuthenticator.class);; protected Response createInfoResponse(AuthenticationFlowContext context, String infoMessage, Object ... parameters) { LoginFormsProvider form = context.form(); @@ -139,16 +139,16 @@ public abstract class AbstractX509ClientCertificateAuthenticator implements Auth private static final Function subject = certs -> { return certs[0].getSubjectX500Principal(); }; - + private static Function getSerialnumberFunc(X509AuthenticatorConfigModel config) { - return config.isSerialnumberHex() ? - certs -> Hex.encodeHexString(certs[0].getSerialNumber().toByteArray()) : + return config.isSerialnumberHex() ? + certs -> Hex.encodeHexString(certs[0].getSerialNumber().toByteArray()) : certs -> certs[0].getSerialNumber().toString(); } - + private static Function getIssuerDNFunc(X509AuthenticatorConfigModel config) { - return config.isCanonicalDnEnabled() ? - certs -> certs[0].getIssuerX500Principal().getName(X500Principal.CANONICAL) : + return config.isCanonicalDnEnabled() ? + certs -> certs[0].getIssuerX500Principal().getName(X500Principal.CANONICAL) : certs -> certs[0].getIssuerDN().toString(); } 
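Review bot: The added declaration ends in a doubled semicolon, `Logger.getLogger(AbstractX509ClientCertificateAuthenticator.class);;`, which leaves a stray empty declaration in the class body. It should read `private static final Logger logger = Logger.getLogger(AbstractX509ClientCertificateAuthenticator.class);`. Because the field is now `private` on an abstract class meant for extension, subclasses outside this commit that relied on the inherited `logger` will need to declare their own.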
diff --git a/services/src/main/java/org/keycloak/authentication/authenticators/x509/AbstractX509ClientCertificateAuthenticatorFactory.java b/services/src/main/java/org/keycloak/authentication/authenticators/x509/AbstractX509ClientCertificateAuthenticatorFactory.java index 25500bc398..8b38faff4f 100644 --- a/services/src/main/java/org/keycloak/authentication/authenticators/x509/AbstractX509ClientCertificateAuthenticatorFactory.java +++ b/services/src/main/java/org/keycloak/authentication/authenticators/x509/AbstractX509ClientCertificateAuthenticatorFactory.java @@ -28,7 +28,6 @@ import org.keycloak.Config; import org.keycloak.authentication.AuthenticatorFactory; import org.keycloak.models.KeycloakSessionFactory; import org.keycloak.provider.ProviderConfigProperty; -import org.keycloak.services.ServicesLogger; import static org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator.*; import static org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator.CERTIFICATE_KEY_USAGE; @@ -67,8 +66,6 @@ import static org.keycloak.provider.ProviderConfigProperty.TEXT_TYPE; public abstract class AbstractX509ClientCertificateAuthenticatorFactory implements AuthenticatorFactory { - protected static ServicesLogger logger = ServicesLogger.LOGGER; - private static final String[] mappingSources = { MAPPING_SOURCE_CERT_SUBJECTDN, MAPPING_SOURCE_CERT_SUBJECTDN_EMAIL, @@ -118,7 +115,7 @@ public abstract class AbstractX509ClientCertificateAuthenticatorFactory implemen serialnumberHex.setDefaultValue(Boolean.toString(false)); serialnumberHex.setHelpText("Use the hex representation of the serial number. This option is relevant for authenticators using serial number."); - + ProviderConfigProperty regExp = new ProviderConfigProperty(); regExp.setType(STRING_TYPE); regExp.setName(REGULAR_EXPRESSION); 
diff --git a/services/src/main/java/org/keycloak/authentication/authenticators/x509/CertificateValidator.java b/services/src/main/java/org/keycloak/authentication/authenticators/x509/CertificateValidator.java index a55acc259c..4656896b66 100644 --- a/services/src/main/java/org/keycloak/authentication/authenticators/x509/CertificateValidator.java +++ b/services/src/main/java/org/keycloak/authentication/authenticators/x509/CertificateValidator.java @@ -66,13 +66,13 @@ import org.apache.http.client.methods.CloseableHttpResponse; import org.apache.http.client.methods.HttpGet; import org.apache.http.impl.client.CloseableHttpClient; import org.apache.http.util.EntityUtils; +import org.jboss.logging.Logger; import org.keycloak.common.crypto.CryptoIntegration; import org.keycloak.common.util.PemUtils; import org.keycloak.common.util.Time; import org.keycloak.connections.httpclient.HttpClientProvider; import org.keycloak.models.Constants; import org.keycloak.models.KeycloakSession; -import org.keycloak.services.ServicesLogger; import org.keycloak.truststore.TruststoreProvider; import org.keycloak.utils.CRLUtils; import org.keycloak.utils.OCSPProvider; @@ -85,7 +85,7 @@ import org.keycloak.utils.OCSPProvider; public class CertificateValidator { - private static final ServicesLogger logger = ServicesLogger.LOGGER; + private final static Logger logger = Logger.getLogger(CertificateValidator.class); enum KeyUsageBits { DIGITAL_SIGNATURE(0, "digitalSignature"), diff --git a/services/src/main/java/org/keycloak/authentication/authenticators/x509/ValidateX509CertificateUsername.java b/services/src/main/java/org/keycloak/authentication/authenticators/x509/ValidateX509CertificateUsername.java index 3be742cffb..2d97fcc6e8 100644 --- a/services/src/main/java/org/keycloak/authentication/authenticators/x509/ValidateX509CertificateUsername.java +++ b/services/src/main/java/org/keycloak/authentication/authenticators/x509/ValidateX509CertificateUsername.java 
@@ -22,6 +22,7 @@ import java.security.cert.X509Certificate; import jakarta.ws.rs.core.Response; +import org.jboss.logging.Logger; import org.keycloak.authentication.AuthenticationFlowContext; import org.keycloak.authentication.AuthenticationFlowError; import org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator; @@ -41,7 +42,7 @@ import static org.keycloak.authentication.authenticators.util.AuthenticatorUtils public class ValidateX509CertificateUsername extends AbstractX509ClientCertificateDirectGrantAuthenticator { - protected static ServicesLogger logger = ServicesLogger.LOGGER; + private final static Logger logger = Logger.getLogger(ValidateX509CertificateUsername.class); @Override public void authenticate(AuthenticationFlowContext context) { @@ -104,7 +105,7 @@ public class ValidateX509CertificateUsername extends AbstractX509ClientCertifica user = getUserIdentityToModelMapper(config).find(context, userIdentity); } catch(ModelDuplicateException e) { - logger.modelDuplicateException(e); + ServicesLogger.LOGGER.modelDuplicateException(e); String errorMessage = String.format("X509 certificate authentication's failed. Reason: \"%s\"", e.getMessage()); Response challengeResponse = errorResponse(Response.Status.UNAUTHORIZED.getStatusCode(), "invalid_request", errorMessage); context.failure(AuthenticationFlowError.INVALID_USER, challengeResponse); diff --git a/services/src/main/java/org/keycloak/authentication/authenticators/x509/X509ClientCertificateAuthenticator.java b/services/src/main/java/org/keycloak/authentication/authenticators/x509/X509ClientCertificateAuthenticator.java index 84dac629a2..9d753192cb 100644 --- a/services/src/main/java/org/keycloak/authentication/authenticators/x509/X509ClientCertificateAuthenticator.java +++ b/services/src/main/java/org/keycloak/authentication/authenticators/x509/X509ClientCertificateAuthenticator.java 
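Review bot: In the `ModelDuplicateException` handler, `e.getMessage()` is still formatted into `errorMessage` and passed to `errorResponse(...)`, so internal detail about the duplicate match may be returned to a caller that has not authenticated yet. The exception is already recorded by `ServicesLogger.LOGGER.modelDuplicateException(e)`, so the response can carry a fixed string, as `X509ClientCertificateAuthenticator` does for the same exception: `String errorMessage = "X509 certificate authentication's failed.";`. What `errorResponse` does with the message is outside the hunk, so confirm that it reaches the response body before changing it.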
@@ -27,6 +27,7 @@ import jakarta.ws.rs.core.MultivaluedHashMap; import jakarta.ws.rs.core.MultivaluedMap; import jakarta.ws.rs.core.Response; +import org.jboss.logging.Logger; import org.keycloak.authentication.AuthenticationFlowContext; import org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator; import org.keycloak.events.Details; @@ -35,6 +36,7 @@ import org.keycloak.forms.login.LoginFormsProvider; import org.keycloak.models.ModelDuplicateException; import org.keycloak.models.UserModel; import org.keycloak.models.utils.FormMessage; +import org.keycloak.services.ServicesLogger; import static org.keycloak.authentication.authenticators.util.AuthenticatorUtils.getDisabledByBruteForceEventError; @@ -45,6 +47,8 @@ import static org.keycloak.authentication.authenticators.util.AuthenticatorUtils */ public class X509ClientCertificateAuthenticator extends AbstractX509ClientCertificateAuthenticator { + private final static Logger logger = Logger.getLogger(X509ClientCertificateAuthenticator.class); + @Override public void close() { @@ -61,7 +65,7 @@ public class X509ClientCertificateAuthenticator extends AbstractX509ClientCertif if (certs == null || certs.length == 0) { // No x509 client cert, fall through and // continue processing the rest of the authentication flow - logger.debug("[X509ClientCertificateAuthenticator:authenticate] x509 client certificate is not available for mutual SSL."); + logger.debug("[authenticate] x509 client certificate is not available for mutual SSL."); context.attempted(); return; } 
@@ -74,7 +78,7 @@ public class X509ClientCertificateAuthenticator extends AbstractX509ClientCertif config = new X509AuthenticatorConfigModel(context.getAuthenticatorConfig()); } if (config == null) { - logger.warn("[X509ClientCertificateAuthenticator:authenticate] x509 Client Certificate Authentication configuration is not available."); + logger.warn("[authenticate] x509 Client Certificate Authentication configuration is not available."); context.challenge(createInfoResponse(context, "X509 client authentication has not been configured yet")); context.attempted(); return; @@ -104,7 +108,7 @@ public class X509ClientCertificateAuthenticator extends AbstractX509ClientCertif Object userIdentity = getUserIdentityExtractor(config).extractUserIdentity(certs); if (userIdentity == null) { context.getEvent().error(Errors.INVALID_USER_CREDENTIALS); - logger.warnf("[X509ClientCertificateAuthenticator:authenticate] Unable to extract user identity from certificate."); + logger.warnf("[authenticate] Unable to extract user identity from certificate."); // TODO use specific locale to load error messages String errorMessage = "Unable to extract user identity from specified certificate"; // TODO is calling form().setErrors enough to show errors on login screen? @@ -120,7 +124,7 @@ public class X509ClientCertificateAuthenticator extends AbstractX509ClientCertif user = getUserIdentityToModelMapper(config).find(context, userIdentity); } catch(ModelDuplicateException e) { - logger.modelDuplicateException(e); + ServicesLogger.LOGGER.modelDuplicateException(e); String errorMessage = "X509 certificate authentication's failed."; // TODO is calling form().setErrors enough to show errors on login screen? context.challenge(createErrorResponse(context, certs[0].getSubjectDN().getName(), 
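Review bot: `logger.warnf("[authenticate] Unable to extract user identity from certificate.")` calls the printf-style method with no format arguments. `logger.warn("[authenticate] Unable to extract user identity from certificate.");` logs the same text without treating the literal as a format string, and matches the `logger.warn` call in the configuration check of the preceding hunk.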
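Review bot: The error challenge in this catch block is built from `certs[0].getSubjectDN().getName()`, but `X509Certificate.getSubjectDN()` is deprecated and returns an implementation-specific name. `AbstractX509ClientCertificateAuthenticator` in this same commit already reads the subject through `getSubjectX500Principal()`, so `certs[0].getSubjectX500Principal().getName()` would be consistent and gives a stable RFC 2253 string. The subject is taken from the client's certificate, so it should be escaped by the form layer if it is rendered. That rendering code and the rest of the `createErrorResponse(...)` call are outside the hunk.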
@@ -179,7 +183,7 @@ public class X509ClientCertificateAuthenticator extends AbstractX509ClientCertif } } catch(Exception e) { - logger.errorf("[X509ClientCertificateAuthenticator:authenticate] Exception: %s", e.getMessage()); + logger.errorf(e, "[authenticate] Exception: %s", e.getMessage()); context.attempted(); } } @@ -234,7 +238,7 @@ public class X509ClientCertificateAuthenticator extends AbstractX509ClientCertif Map attributeNames = context.getSession().getAttributes(); for (String name : attributeNames.keySet()) { - logger.tracef("[X509ClientCertificateAuthenticator:dumpContainerAttributes] \"%s\"", name); + logger.tracef("[dumpContainerAttributes] \"%s\"", name); } }
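Review bot: The catch-all `catch(Exception e)` still ends in `context.attempted()`, so an unexpected exception anywhere in the certificate handling lets the flow continue to whatever alternative authenticators are configured instead of failing the attempt. If that fall-through is deliberate, a comment saying so belongs next to the call, for example `// deliberate: on unexpected errors let the remaining authenticators in the flow run`. If it is not, `context.failure(AuthenticationFlowError.INTERNAL_ERROR);` would fail closed. With the throwable now passed to `errorf`, the trailing `e.getMessage()` argument is redundant and `logger.error("[authenticate] Unexpected exception", e);` would do. The `try` body this handler covers is outside the hunk, so which checks can throw here is not visible.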