Avoid using plain log messages in ServiceLogger (#32893)
Closes #32891 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
parent
4ce40be1af
commit
8ef7007e3c
8 changed files with 29 additions and 28 deletions
|
@ -18,6 +18,7 @@
|
||||||
package org.keycloak.authentication.authenticators.broker;
|
package org.keycloak.authentication.authenticators.broker;
|
||||||
|
|
||||||
import jakarta.ws.rs.core.MultivaluedHashMap;
|
import jakarta.ws.rs.core.MultivaluedHashMap;
|
||||||
|
import org.jboss.logging.Logger;
|
||||||
import org.keycloak.authentication.AuthenticationFlowContext;
|
import org.keycloak.authentication.AuthenticationFlowContext;
|
||||||
import org.keycloak.authentication.AuthenticationFlowError;
|
import org.keycloak.authentication.AuthenticationFlowError;
|
||||||
import org.keycloak.authentication.AuthenticationFlowException;
|
import org.keycloak.authentication.AuthenticationFlowException;
|
||||||
|
@ -45,6 +46,8 @@ import jakarta.ws.rs.core.Response;
|
||||||
*/
|
*/
|
||||||
public class IdpUsernamePasswordForm extends UsernamePasswordForm {
|
public class IdpUsernamePasswordForm extends UsernamePasswordForm {
|
||||||
|
|
||||||
|
private final static Logger log = Logger.getLogger(IdpUsernamePasswordForm.class);
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected Response challenge(AuthenticationFlowContext context, MultivaluedMap<String, String> formData) {
|
protected Response challenge(AuthenticationFlowContext context, MultivaluedMap<String, String> formData) {
|
||||||
return setupForm(context, formData, getExistingUser(context))
|
return setupForm(context, formData, getExistingUser(context))
|
||||||
|
|
|
@ -24,7 +24,6 @@ import org.keycloak.models.KeycloakSession;
|
||||||
import org.keycloak.models.RealmModel;
|
import org.keycloak.models.RealmModel;
|
||||||
import org.keycloak.models.UserModel;
|
import org.keycloak.models.UserModel;
|
||||||
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
|
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
|
||||||
import org.keycloak.services.ServicesLogger;
|
|
||||||
import org.keycloak.services.managers.AuthenticationManager;
|
import org.keycloak.services.managers.AuthenticationManager;
|
||||||
|
|
||||||
import jakarta.ws.rs.core.MultivaluedHashMap;
|
import jakarta.ws.rs.core.MultivaluedHashMap;
|
||||||
|
@ -36,7 +35,6 @@ import jakarta.ws.rs.core.Response;
|
||||||
* @version $Revision: 1 $
|
* @version $Revision: 1 $
|
||||||
*/
|
*/
|
||||||
public class UsernamePasswordForm extends AbstractUsernameFormAuthenticator implements Authenticator {
|
public class UsernamePasswordForm extends AbstractUsernameFormAuthenticator implements Authenticator {
|
||||||
protected static ServicesLogger log = ServicesLogger.LOGGER;
|
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void action(AuthenticationFlowContext context) {
|
public void action(AuthenticationFlowContext context) {
|
||||||
|
|
|
@ -1,5 +1,6 @@
|
||||||
package org.keycloak.authentication.authenticators.client;
|
package org.keycloak.authentication.authenticators.client;
|
||||||
|
|
||||||
|
import org.jboss.logging.Logger;
|
||||||
import org.keycloak.OAuth2Constants;
|
import org.keycloak.OAuth2Constants;
|
||||||
import org.keycloak.authentication.AuthenticationFlowError;
|
import org.keycloak.authentication.AuthenticationFlowError;
|
||||||
import org.keycloak.authentication.ClientAuthenticationFlowContext;
|
import org.keycloak.authentication.ClientAuthenticationFlowContext;
|
||||||
|
@ -8,7 +9,6 @@ import org.keycloak.models.ClientModel;
|
||||||
import org.keycloak.protocol.oidc.OIDCAdvancedConfigWrapper;
|
import org.keycloak.protocol.oidc.OIDCAdvancedConfigWrapper;
|
||||||
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
|
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
|
||||||
import org.keycloak.provider.ProviderConfigProperty;
|
import org.keycloak.provider.ProviderConfigProperty;
|
||||||
import org.keycloak.services.ServicesLogger;
|
|
||||||
import org.keycloak.services.x509.X509ClientCertificateLookup;
|
import org.keycloak.services.x509.X509ClientCertificateLookup;
|
||||||
|
|
||||||
import javax.security.auth.x500.X500Principal;
|
import javax.security.auth.x500.X500Principal;
|
||||||
|
@ -23,7 +23,6 @@ import java.util.HashMap;
|
||||||
import java.util.HashSet;
|
import java.util.HashSet;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
import java.util.Optional;
|
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
import java.util.regex.Pattern;
|
import java.util.regex.Pattern;
|
||||||
import java.util.stream.Collectors;
|
import java.util.stream.Collectors;
|
||||||
|
@ -54,8 +53,7 @@ public class X509ClientAuthenticator extends AbstractClientAuthenticator {
|
||||||
CUSTOM_OIDS_REVERSED.put("E", "1.2.840.113549.1.9.1"); // Another synonym for "EMAILADDRESS"
|
CUSTOM_OIDS_REVERSED.put("E", "1.2.840.113549.1.9.1"); // Another synonym for "EMAILADDRESS"
|
||||||
}
|
}
|
||||||
|
|
||||||
protected static ServicesLogger logger = ServicesLogger.LOGGER;
|
private final static Logger logger = Logger.getLogger(X509ClientAuthenticator.class);
|
||||||
|
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void authenticateClient(ClientAuthenticationFlowContext context) {
|
public void authenticateClient(ClientAuthenticationFlowContext context) {
|
||||||
|
|
|
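Review bot: The `logger` field in X509ClientAuthenticator goes from `protected static ServicesLogger` to `private final static Logger`, which hides it from every subclass, and nothing in the commit records that as intended. In-tree subclasses get their own logger elsewhere in this commit, but an authenticator maintained outside this repository that used the inherited field would presumably stop compiling. The same holds for the fields removed from UsernamePasswordForm and AbstractX509ClientCertificateAuthenticatorFactory, and for those narrowed in AbstractX509ClientCertificateAuthenticator and ValidateX509CertificateUsername. A short comment above each new field would make the intent explicit, for example `// Private on purpose: subclasses declare their own category logger.`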
@ -29,6 +29,7 @@ import jakarta.ws.rs.core.Response;
|
||||||
|
|
||||||
import org.apache.commons.codec.binary.Hex;
|
import org.apache.commons.codec.binary.Hex;
|
||||||
|
|
||||||
|
import org.jboss.logging.Logger;
|
||||||
import org.keycloak.authentication.AuthenticationFlowContext;
|
import org.keycloak.authentication.AuthenticationFlowContext;
|
||||||
import org.keycloak.authentication.Authenticator;
|
import org.keycloak.authentication.Authenticator;
|
||||||
import org.keycloak.common.crypto.CryptoIntegration;
|
import org.keycloak.common.crypto.CryptoIntegration;
|
||||||
|
@ -43,7 +44,6 @@ import org.keycloak.models.Constants;
|
||||||
import org.keycloak.models.KeycloakSession;
|
import org.keycloak.models.KeycloakSession;
|
||||||
import org.keycloak.models.RealmModel;
|
import org.keycloak.models.RealmModel;
|
||||||
import org.keycloak.models.UserModel;
|
import org.keycloak.models.UserModel;
|
||||||
import org.keycloak.services.ServicesLogger;
|
|
||||||
import org.keycloak.services.x509.X509ClientCertificateLookup;
|
import org.keycloak.services.x509.X509ClientCertificateLookup;
|
||||||
|
|
||||||
|
|
||||||
|
@ -56,7 +56,6 @@ import org.keycloak.services.x509.X509ClientCertificateLookup;
|
||||||
public abstract class AbstractX509ClientCertificateAuthenticator implements Authenticator {
|
public abstract class AbstractX509ClientCertificateAuthenticator implements Authenticator {
|
||||||
|
|
||||||
public static final String DEFAULT_ATTRIBUTE_NAME = "usercertificate";
|
public static final String DEFAULT_ATTRIBUTE_NAME = "usercertificate";
|
||||||
protected static ServicesLogger logger = ServicesLogger.LOGGER;
|
|
||||||
|
|
||||||
public static final String REGULAR_EXPRESSION = "x509-cert-auth.regular-expression";
|
public static final String REGULAR_EXPRESSION = "x509-cert-auth.regular-expression";
|
||||||
public static final String ENABLE_CRL = "x509-cert-auth.crl-checking-enabled";
|
public static final String ENABLE_CRL = "x509-cert-auth.crl-checking-enabled";
|
||||||
|
@ -94,6 +93,7 @@ public abstract class AbstractX509ClientCertificateAuthenticator implements Auth
|
||||||
public static final String CONFIRMATION_PAGE_DISALLOWED = "x509-cert-auth.confirmation-page-disallowed";
|
public static final String CONFIRMATION_PAGE_DISALLOWED = "x509-cert-auth.confirmation-page-disallowed";
|
||||||
public static final String REVALIDATE_CERTIFICATE = "x509-cert-auth.revalidate-certificate-enabled";
|
public static final String REVALIDATE_CERTIFICATE = "x509-cert-auth.revalidate-certificate-enabled";
|
||||||
|
|
||||||
|
private final static Logger logger = Logger.getLogger(AbstractX509ClientCertificateAuthenticator.class);;
|
||||||
|
|
||||||
protected Response createInfoResponse(AuthenticationFlowContext context, String infoMessage, Object ... parameters) {
|
protected Response createInfoResponse(AuthenticationFlowContext context, String infoMessage, Object ... parameters) {
|
||||||
LoginFormsProvider form = context.form();
|
LoginFormsProvider form = context.form();
|
||||||
|
@ -139,16 +139,16 @@ public abstract class AbstractX509ClientCertificateAuthenticator implements Auth
|
||||||
private static final Function<X509Certificate[],Principal> subject = certs -> {
|
private static final Function<X509Certificate[],Principal> subject = certs -> {
|
||||||
return certs[0].getSubjectX500Principal();
|
return certs[0].getSubjectX500Principal();
|
||||||
};
|
};
|
||||||
|
|
||||||
private static Function<X509Certificate[], String> getSerialnumberFunc(X509AuthenticatorConfigModel config) {
|
private static Function<X509Certificate[], String> getSerialnumberFunc(X509AuthenticatorConfigModel config) {
|
||||||
return config.isSerialnumberHex() ?
|
return config.isSerialnumberHex() ?
|
||||||
certs -> Hex.encodeHexString(certs[0].getSerialNumber().toByteArray()) :
|
certs -> Hex.encodeHexString(certs[0].getSerialNumber().toByteArray()) :
|
||||||
certs -> certs[0].getSerialNumber().toString();
|
certs -> certs[0].getSerialNumber().toString();
|
||||||
}
|
}
|
||||||
|
|
||||||
private static Function<X509Certificate[], String> getIssuerDNFunc(X509AuthenticatorConfigModel config) {
|
private static Function<X509Certificate[], String> getIssuerDNFunc(X509AuthenticatorConfigModel config) {
|
||||||
return config.isCanonicalDnEnabled() ?
|
return config.isCanonicalDnEnabled() ?
|
||||||
certs -> certs[0].getIssuerX500Principal().getName(X500Principal.CANONICAL) :
|
certs -> certs[0].getIssuerX500Principal().getName(X500Principal.CANONICAL) :
|
||||||
certs -> certs[0].getIssuerDN().toString();
|
certs -> certs[0].getIssuerDN().toString();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
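Review bot: The added declaration `private final static Logger logger = Logger.getLogger(AbstractX509ClientCertificateAuthenticator.class);;` ends in two semicolons. The second one is an empty declaration: it compiles, but it is noise that style checkers commonly flag, and none of the other logger declarations added in this commit has it. Drop it so the line ends `Logger.getLogger(AbstractX509ClientCertificateAuthenticator.class);`.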
@ -28,7 +28,6 @@ import org.keycloak.Config;
|
||||||
import org.keycloak.authentication.AuthenticatorFactory;
|
import org.keycloak.authentication.AuthenticatorFactory;
|
||||||
import org.keycloak.models.KeycloakSessionFactory;
|
import org.keycloak.models.KeycloakSessionFactory;
|
||||||
import org.keycloak.provider.ProviderConfigProperty;
|
import org.keycloak.provider.ProviderConfigProperty;
|
||||||
import org.keycloak.services.ServicesLogger;
|
|
||||||
|
|
||||||
import static org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator.*;
|
import static org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator.*;
|
||||||
import static org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator.CERTIFICATE_KEY_USAGE;
|
import static org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator.CERTIFICATE_KEY_USAGE;
|
||||||
|
@ -67,8 +66,6 @@ import static org.keycloak.provider.ProviderConfigProperty.TEXT_TYPE;
|
||||||
|
|
||||||
public abstract class AbstractX509ClientCertificateAuthenticatorFactory implements AuthenticatorFactory {
|
public abstract class AbstractX509ClientCertificateAuthenticatorFactory implements AuthenticatorFactory {
|
||||||
|
|
||||||
protected static ServicesLogger logger = ServicesLogger.LOGGER;
|
|
||||||
|
|
||||||
private static final String[] mappingSources = {
|
private static final String[] mappingSources = {
|
||||||
MAPPING_SOURCE_CERT_SUBJECTDN,
|
MAPPING_SOURCE_CERT_SUBJECTDN,
|
||||||
MAPPING_SOURCE_CERT_SUBJECTDN_EMAIL,
|
MAPPING_SOURCE_CERT_SUBJECTDN_EMAIL,
|
||||||
|
@ -118,7 +115,7 @@ public abstract class AbstractX509ClientCertificateAuthenticatorFactory implemen
|
||||||
serialnumberHex.setDefaultValue(Boolean.toString(false));
|
serialnumberHex.setDefaultValue(Boolean.toString(false));
|
||||||
serialnumberHex.setHelpText("Use the hex representation of the serial number. This option is relevant for authenticators using serial number.");
|
serialnumberHex.setHelpText("Use the hex representation of the serial number. This option is relevant for authenticators using serial number.");
|
||||||
|
|
||||||
|
|
||||||
ProviderConfigProperty regExp = new ProviderConfigProperty();
|
ProviderConfigProperty regExp = new ProviderConfigProperty();
|
||||||
regExp.setType(STRING_TYPE);
|
regExp.setType(STRING_TYPE);
|
||||||
regExp.setName(REGULAR_EXPRESSION);
|
regExp.setName(REGULAR_EXPRESSION);
|
||||||
|
|
|
@ -66,13 +66,13 @@ import org.apache.http.client.methods.CloseableHttpResponse;
|
||||||
import org.apache.http.client.methods.HttpGet;
|
import org.apache.http.client.methods.HttpGet;
|
||||||
import org.apache.http.impl.client.CloseableHttpClient;
|
import org.apache.http.impl.client.CloseableHttpClient;
|
||||||
import org.apache.http.util.EntityUtils;
|
import org.apache.http.util.EntityUtils;
|
||||||
|
import org.jboss.logging.Logger;
|
||||||
import org.keycloak.common.crypto.CryptoIntegration;
|
import org.keycloak.common.crypto.CryptoIntegration;
|
||||||
import org.keycloak.common.util.PemUtils;
|
import org.keycloak.common.util.PemUtils;
|
||||||
import org.keycloak.common.util.Time;
|
import org.keycloak.common.util.Time;
|
||||||
import org.keycloak.connections.httpclient.HttpClientProvider;
|
import org.keycloak.connections.httpclient.HttpClientProvider;
|
||||||
import org.keycloak.models.Constants;
|
import org.keycloak.models.Constants;
|
||||||
import org.keycloak.models.KeycloakSession;
|
import org.keycloak.models.KeycloakSession;
|
||||||
import org.keycloak.services.ServicesLogger;
|
|
||||||
import org.keycloak.truststore.TruststoreProvider;
|
import org.keycloak.truststore.TruststoreProvider;
|
||||||
import org.keycloak.utils.CRLUtils;
|
import org.keycloak.utils.CRLUtils;
|
||||||
import org.keycloak.utils.OCSPProvider;
|
import org.keycloak.utils.OCSPProvider;
|
||||||
|
@ -85,7 +85,7 @@ import org.keycloak.utils.OCSPProvider;
|
||||||
|
|
||||||
public class CertificateValidator {
|
public class CertificateValidator {
|
||||||
|
|
||||||
private static final ServicesLogger logger = ServicesLogger.LOGGER;
|
private final static Logger logger = Logger.getLogger(CertificateValidator.class);
|
||||||
|
|
||||||
enum KeyUsageBits {
|
enum KeyUsageBits {
|
||||||
DIGITAL_SIGNATURE(0, "digitalSignature"),
|
DIGITAL_SIGNATURE(0, "digitalSignature"),
|
||||||
|
|
|
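Review bot: Switching `logger` in CertificateValidator from `ServicesLogger.LOGGER` to `Logger.getLogger(CertificateValidator.class)` moves every message of this class to a new log category, and the commit carries no note for operators. Log-level settings, filters or alerts keyed on the previous shared category (presumably the one ServicesLogger is registered under, which is not visible here) would no longer match the messages from CertificateValidator. The same applies to the other classes converted in this commit. I would add a line to the commit description or upgrade notes such as `Log messages of the X.509 authenticators now use the class name as log category.`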
@ -22,6 +22,7 @@ import java.security.cert.X509Certificate;
|
||||||
|
|
||||||
import jakarta.ws.rs.core.Response;
|
import jakarta.ws.rs.core.Response;
|
||||||
|
|
||||||
|
import org.jboss.logging.Logger;
|
||||||
import org.keycloak.authentication.AuthenticationFlowContext;
|
import org.keycloak.authentication.AuthenticationFlowContext;
|
||||||
import org.keycloak.authentication.AuthenticationFlowError;
|
import org.keycloak.authentication.AuthenticationFlowError;
|
||||||
import org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator;
|
import org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator;
|
||||||
|
@ -41,7 +42,7 @@ import static org.keycloak.authentication.authenticators.util.AuthenticatorUtils
|
||||||
|
|
||||||
public class ValidateX509CertificateUsername extends AbstractX509ClientCertificateDirectGrantAuthenticator {
|
public class ValidateX509CertificateUsername extends AbstractX509ClientCertificateDirectGrantAuthenticator {
|
||||||
|
|
||||||
protected static ServicesLogger logger = ServicesLogger.LOGGER;
|
private final static Logger logger = Logger.getLogger(ValidateX509CertificateUsername.class);
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void authenticate(AuthenticationFlowContext context) {
|
public void authenticate(AuthenticationFlowContext context) {
|
||||||
|
@ -104,7 +105,7 @@ public class ValidateX509CertificateUsername extends AbstractX509ClientCertifica
|
||||||
user = getUserIdentityToModelMapper(config).find(context, userIdentity);
|
user = getUserIdentityToModelMapper(config).find(context, userIdentity);
|
||||||
}
|
}
|
||||||
catch(ModelDuplicateException e) {
|
catch(ModelDuplicateException e) {
|
||||||
logger.modelDuplicateException(e);
|
ServicesLogger.LOGGER.modelDuplicateException(e);
|
||||||
String errorMessage = String.format("X509 certificate authentication's failed. Reason: \"%s\"", e.getMessage());
|
String errorMessage = String.format("X509 certificate authentication's failed. Reason: \"%s\"", e.getMessage());
|
||||||
Response challengeResponse = errorResponse(Response.Status.UNAUTHORIZED.getStatusCode(), "invalid_request", errorMessage);
|
Response challengeResponse = errorResponse(Response.Status.UNAUTHORIZED.getStatusCode(), "invalid_request", errorMessage);
|
||||||
context.failure(AuthenticationFlowError.INVALID_USER, challengeResponse);
|
context.failure(AuthenticationFlowError.INVALID_USER, challengeResponse);
|
||||||
|
|
|
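Review bot: In the `catch(ModelDuplicateException e)` block, `e.getMessage()` is still formatted into `errorMessage` and handed to `errorResponse(...)`, so the exception text presumably ends up in the 401 response sent to the caller. The exception is already logged through `ServicesLogger.LOGGER.modelDuplicateException(e)`, and what its message contains is not visible here; it may describe the conflicting user records. X509ClientCertificateAuthenticator handles the same exception with a fixed string, and doing the same here, `String errorMessage = "X509 certificate authentication's failed.";`, keeps that detail in the server log only. The `try` block and the rest of `authenticate()` lie outside the hunk.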
@ -27,6 +27,7 @@ import jakarta.ws.rs.core.MultivaluedHashMap;
|
||||||
import jakarta.ws.rs.core.MultivaluedMap;
|
import jakarta.ws.rs.core.MultivaluedMap;
|
||||||
import jakarta.ws.rs.core.Response;
|
import jakarta.ws.rs.core.Response;
|
||||||
|
|
||||||
|
import org.jboss.logging.Logger;
|
||||||
import org.keycloak.authentication.AuthenticationFlowContext;
|
import org.keycloak.authentication.AuthenticationFlowContext;
|
||||||
import org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator;
|
import org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator;
|
||||||
import org.keycloak.events.Details;
|
import org.keycloak.events.Details;
|
||||||
|
@ -35,6 +36,7 @@ import org.keycloak.forms.login.LoginFormsProvider;
|
||||||
import org.keycloak.models.ModelDuplicateException;
|
import org.keycloak.models.ModelDuplicateException;
|
||||||
import org.keycloak.models.UserModel;
|
import org.keycloak.models.UserModel;
|
||||||
import org.keycloak.models.utils.FormMessage;
|
import org.keycloak.models.utils.FormMessage;
|
||||||
|
import org.keycloak.services.ServicesLogger;
|
||||||
|
|
||||||
import static org.keycloak.authentication.authenticators.util.AuthenticatorUtils.getDisabledByBruteForceEventError;
|
import static org.keycloak.authentication.authenticators.util.AuthenticatorUtils.getDisabledByBruteForceEventError;
|
||||||
|
|
||||||
|
@ -45,6 +47,8 @@ import static org.keycloak.authentication.authenticators.util.AuthenticatorUtils
|
||||||
*/
|
*/
|
||||||
public class X509ClientCertificateAuthenticator extends AbstractX509ClientCertificateAuthenticator {
|
public class X509ClientCertificateAuthenticator extends AbstractX509ClientCertificateAuthenticator {
|
||||||
|
|
||||||
|
private final static Logger logger = Logger.getLogger(X509ClientCertificateAuthenticator.class);
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void close() {
|
public void close() {
|
||||||
|
|
||||||
|
@ -61,7 +65,7 @@ public class X509ClientCertificateAuthenticator extends AbstractX509ClientCertif
|
||||||
if (certs == null || certs.length == 0) {
|
if (certs == null || certs.length == 0) {
|
||||||
// No x509 client cert, fall through and
|
// No x509 client cert, fall through and
|
||||||
// continue processing the rest of the authentication flow
|
// continue processing the rest of the authentication flow
|
||||||
logger.debug("[X509ClientCertificateAuthenticator:authenticate] x509 client certificate is not available for mutual SSL.");
|
logger.debug("[authenticate] x509 client certificate is not available for mutual SSL.");
|
||||||
context.attempted();
|
context.attempted();
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
@ -74,7 +78,7 @@ public class X509ClientCertificateAuthenticator extends AbstractX509ClientCertif
|
||||||
config = new X509AuthenticatorConfigModel(context.getAuthenticatorConfig());
|
config = new X509AuthenticatorConfigModel(context.getAuthenticatorConfig());
|
||||||
}
|
}
|
||||||
if (config == null) {
|
if (config == null) {
|
||||||
logger.warn("[X509ClientCertificateAuthenticator:authenticate] x509 Client Certificate Authentication configuration is not available.");
|
logger.warn("[authenticate] x509 Client Certificate Authentication configuration is not available.");
|
||||||
context.challenge(createInfoResponse(context, "X509 client authentication has not been configured yet"));
|
context.challenge(createInfoResponse(context, "X509 client authentication has not been configured yet"));
|
||||||
context.attempted();
|
context.attempted();
|
||||||
return;
|
return;
|
||||||
|
@ -104,7 +108,7 @@ public class X509ClientCertificateAuthenticator extends AbstractX509ClientCertif
|
||||||
Object userIdentity = getUserIdentityExtractor(config).extractUserIdentity(certs);
|
Object userIdentity = getUserIdentityExtractor(config).extractUserIdentity(certs);
|
||||||
if (userIdentity == null) {
|
if (userIdentity == null) {
|
||||||
context.getEvent().error(Errors.INVALID_USER_CREDENTIALS);
|
context.getEvent().error(Errors.INVALID_USER_CREDENTIALS);
|
||||||
logger.warnf("[X509ClientCertificateAuthenticator:authenticate] Unable to extract user identity from certificate.");
|
logger.warnf("[authenticate] Unable to extract user identity from certificate.");
|
||||||
// TODO use specific locale to load error messages
|
// TODO use specific locale to load error messages
|
||||||
String errorMessage = "Unable to extract user identity from specified certificate";
|
String errorMessage = "Unable to extract user identity from specified certificate";
|
||||||
// TODO is calling form().setErrors enough to show errors on login screen?
|
// TODO is calling form().setErrors enough to show errors on login screen?
|
||||||
|
@ -120,7 +124,7 @@ public class X509ClientCertificateAuthenticator extends AbstractX509ClientCertif
|
||||||
user = getUserIdentityToModelMapper(config).find(context, userIdentity);
|
user = getUserIdentityToModelMapper(config).find(context, userIdentity);
|
||||||
}
|
}
|
||||||
catch(ModelDuplicateException e) {
|
catch(ModelDuplicateException e) {
|
||||||
logger.modelDuplicateException(e);
|
ServicesLogger.LOGGER.modelDuplicateException(e);
|
||||||
String errorMessage = "X509 certificate authentication's failed.";
|
String errorMessage = "X509 certificate authentication's failed.";
|
||||||
// TODO is calling form().setErrors enough to show errors on login screen?
|
// TODO is calling form().setErrors enough to show errors on login screen?
|
||||||
context.challenge(createErrorResponse(context, certs[0].getSubjectDN().getName(),
|
context.challenge(createErrorResponse(context, certs[0].getSubjectDN().getName(),
|
||||||
|
@ -179,7 +183,7 @@ public class X509ClientCertificateAuthenticator extends AbstractX509ClientCertif
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
catch(Exception e) {
|
catch(Exception e) {
|
||||||
logger.errorf("[X509ClientCertificateAuthenticator:authenticate] Exception: %s", e.getMessage());
|
logger.errorf(e, "[authenticate] Exception: %s", e.getMessage());
|
||||||
context.attempted();
|
context.attempted();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -234,7 +238,7 @@ public class X509ClientCertificateAuthenticator extends AbstractX509ClientCertif
|
||||||
|
|
||||||
Map<String, Object> attributeNames = context.getSession().getAttributes();
|
Map<String, Object> attributeNames = context.getSession().getAttributes();
|
||||||
for (String name : attributeNames.keySet()) {
|
for (String name : attributeNames.keySet()) {
|
||||||
logger.tracef("[X509ClientCertificateAuthenticator:dumpContainerAttributes] \"%s\"", name);
|
logger.tracef("[dumpContainerAttributes] \"%s\"", name);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
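Review bot: `logger.warnf(...)` in the `userIdentity == null` branch is called without format arguments, so the formatting variant does nothing here; `logger.warn("[authenticate] Unable to extract user identity from certificate.");` matches the plain `debug` and `warn` calls earlier in the method. In the catch-all at the end of `authenticate()`, the throwable is now passed to `errorf`, so appending `e.getMessage()` as well prints the same text twice; `logger.error("[authenticate] Exception", e);` would be enough. `authenticate()` spans several hunks and is not fully visible here.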