From a80f07c7592e68b8972199687ee9423afd6ff9aa Mon Sep 17 00:00:00 2001 From: Mauro Mugnaini Date: Fri, 3 Jul 2020 17:31:19 +0200 Subject: [PATCH] Rationalized logs --- .../AbstractOIDCToSitesAndRolesMapper.java | 2 +- .../oidc/SlashSeparatedContextMapper.java | 33 ++++++++----------- .../java/org/gcube/oidc/rest/JWTToken.java | 15 ++++----- .../oidc/rest/OpenIdConnectRESTHelper.java | 30 +++++------------ .../org/gcube/oidc/rest/RestHelperTest.java | 9 +++-- 5 files changed, 36 insertions(+), 53 deletions(-) diff --git a/src/main/java/org/gcube/oidc/AbstractOIDCToSitesAndRolesMapper.java b/src/main/java/org/gcube/oidc/AbstractOIDCToSitesAndRolesMapper.java index f58c2ba..45cb475 100644 --- a/src/main/java/org/gcube/oidc/AbstractOIDCToSitesAndRolesMapper.java +++ b/src/main/java/org/gcube/oidc/AbstractOIDCToSitesAndRolesMapper.java @@ -15,7 +15,7 @@ public abstract class AbstractOIDCToSitesAndRolesMapper implements OIDCToSitesAn public AbstractOIDCToSitesAndRolesMapper(Map> resourceName2AccessRoles) { super(); this.resourceName2AccessRoles = resourceName2AccessRoles; - logger.info("Resource name to access roles: " + resourceName2AccessRoles); + logger.info("Resource name to access roles: {}", resourceName2AccessRoles); } } \ No newline at end of file diff --git a/src/main/java/org/gcube/oidc/SlashSeparatedContextMapper.java b/src/main/java/org/gcube/oidc/SlashSeparatedContextMapper.java index 8b4159e..00d790d 100644 --- a/src/main/java/org/gcube/oidc/SlashSeparatedContextMapper.java +++ b/src/main/java/org/gcube/oidc/SlashSeparatedContextMapper.java 
@@ -5,8 +5,13 @@ import java.util.Collections; import java.util.List; import java.util.Map; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + public class SlashSeparatedContextMapper extends AbstractOIDCToSitesAndRolesMapper { + protected static final Logger logger = LoggerFactory.getLogger(SlashSeparatedContextMapper.class); + private static final Boolean FAULT_TOLERANT = Boolean.TRUE; private static final String SPLIT_REGEXP = "/"; @@ -34,13 +39,9 @@ public class SlashSeparatedContextMapper extends AbstractOIDCToSitesAndRolesMapp for (String site : sites) { logger.info("Checking site: " + site); List roles = resourceName2AccessRoles.get(site); - if (logger.isDebugEnabled()) { - logger.debug("Roles for site are: " + roles); - } + logger.debug("Roles for site are: {}", roles); String[] siteTokens = site.split(SPLIT_REGEXP); - if (logger.isDebugEnabled()) { - logger.debug("Tokens are: " + siteTokens.length); - } + logger.debug("Tokens are: {}", siteTokens.length); if (siteTokens.length < MINIMUM_TOKENS) { String message = "Found " + siteTokens.length + " tokens only. Minimum should be: " + MINIMUM_TOKENS; if (FAULT_TOLERANT) { @@ -51,11 +52,9 @@ public class SlashSeparatedContextMapper extends AbstractOIDCToSitesAndRolesMapp } } String rootVO = siteTokens[ROOT_VO_TOKEN_INDEX]; - if (logger.isDebugEnabled()) { - logger.debug("Root VO is: " + rootVO); - } + logger.debug("Root VO is: {}", rootVO); if (!rootSite.equals(rootVO)) { - logger.info("Skipping evaluation of site tree not belonging to this Root VO: " + rootVO); + logger.info("Skipping evaluation of site tree not belonging to this Root VO: {}", rootVO); continue; } else { logger.info("Site belongs to this Root VO"); 
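Review bot: The new `logger` field in SlashSeparatedContextMapper is declared `protected static final`, and it appears to hide a `logger` the class already inherits, because this file logged through `logger` before the field existed and AbstractOIDCToSitesAndRolesMapper uses the same name. A per-class logger is reasonable for attributing messages to the right class, but it does not need to be visible to subclasses: `private static final Logger logger = LoggerFactory.getLogger(SlashSeparatedContextMapper.class);`. The parent's declaration is outside this diff, so the hiding is inferred from usage and should be confirmed.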
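Review bot: `logger.info("Checking site: " + site);` at the top of the loop in the `-34,13` hunk is still built by concatenation while the calls around it were converted, and `logger.warn(vo + " VO's permissions are not set for user");` in the `-66,27` hunk is left the same way. Use `logger.info("Checking site: {}", site);` and `logger.warn("{} VO's permissions are not set for user", vo);` so the file has one style. The site names presumably originate from token claims; if so, note that `{}` placeholders do not neutralise CR/LF, so line-break escaping still has to be handled in the log layout if forged log lines are a concern. The loop body starts and ends outside the hunk.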
@@ -66,27 +65,23 @@ public class SlashSeparatedContextMapper extends AbstractOIDCToSitesAndRolesMapp gwSitesTree = new Site(rootVO, null); } String vo = siteTokens[VO_TOKEN_INDEX]; - if (logger.isDebugEnabled()) { - logger.debug("VO is: " + vo); - } + logger.debug("VO is: {}", vo); if (siteTokens.length == VRE_TOKEN_INDEX + 1) { if (!gwSitesTree.getChildren().containsKey(vo)) { logger.warn(vo + " VO's permissions are not set for user"); gwSitesTree.getChildren().put(vo, new Site(vo, null)); } String vre = siteTokens[VRE_TOKEN_INDEX]; - if (logger.isDebugEnabled()) { - logger.debug("VRE is: " + vre); - } - logger.info("Adding leaf site: " + vre); + logger.debug("VRE is: {}", vre); + logger.info("Adding leaf site: {}", vre); gwSitesTree.getChildren().get(vo).getChildren().put(vre, new Site(vre, roles)); } else if (!gwSitesTree.getChildren().containsKey(vo)) { - logger.info("Creating site for VO: " + vo); + logger.info("Creating site for VO: {}", vo); gwSitesTree.getChildren().put(vo, new Site(vo, roles)); } } else { if (gwSitesTree == null) { - logger.info("Creating site for Root VO: " + rootVO); + logger.info("Creating site for Root VO: {}", rootVO); gwSitesTree = new Site(rootVO, roles); } else { if (gwSitesTree.getRoles() == null) { diff --git a/src/main/java/org/gcube/oidc/rest/JWTToken.java b/src/main/java/org/gcube/oidc/rest/JWTToken.java index 7981d60..b7ebccf 100644 --- a/src/main/java/org/gcube/oidc/rest/JWTToken.java +++ b/src/main/java/org/gcube/oidc/rest/JWTToken.java @@ -31,9 +31,7 @@ public class JWTToken implements Serializable { public static JWTToken fromString(String tokenString) { if (tokenString == null) { - if (logger.isDebugEnabled()) { - logger.debug("Token string is null, cannot create token object"); - } + logger.debug("Token string is null, cannot create token object"); return null; } try { 
@@ -50,7 +48,7 @@ public class JWTToken implements Serializable { } private void parse() throws ParseException { - token = (JSONObject) new JSONParser().parse(this.raw); + token = (JSONObject) new JSONParser().parse(this.raw); String[] parts = getAccessTokenString().split("\\."); payload = (JSONObject) new JSONParser().parse(new String(Base64.getDecoder().decode(parts[1]))); } @@ -99,7 +97,7 @@ public class JWTToken implements Serializable { public List getAud() { List audienceStrings = new ArrayList<>(); - Object audience = getPayload().get("aud"); + Object audience = getPayload().get("aud"); if (audience instanceof String) { audienceStrings.add((String) audience); } else if (audience instanceof JSONArray) { @@ -134,7 +132,7 @@ public class JWTToken implements Serializable { public String getDisplayName() { return (String) getPayload().get("name"); } - + protected JSONObject getResourceAccess() { return (JSONObject) getPayload().get("resource_access"); } @@ -182,7 +180,6 @@ public class JWTToken implements Serializable { return permissionsRSName; } - public List getAuthorizationPermissionRSNameResourceScopes(String rsname) { List scopes = new ArrayList<>(); JSONArray permissions = getAuthorizationPermissions(); @@ -202,9 +199,9 @@ public class JWTToken implements Serializable { public Map> getAuthorizationPermissionRSNameToResourceScopesMap() { Map> map = new HashMap<>(); - for (String aprn : getAuthorizationPermissionRSNames() ) { + for (String aprn : getAuthorizationPermissionRSNames()) { map.put(aprn, getAuthorizationPermissionRSNameResourceScopes(aprn)); - } + } return map; } diff --git a/src/main/java/org/gcube/oidc/rest/OpenIdConnectRESTHelper.java b/src/main/java/org/gcube/oidc/rest/OpenIdConnectRESTHelper.java index 5565d1b..fadef61 100644 --- a/src/main/java/org/gcube/oidc/rest/OpenIdConnectRESTHelper.java +++ b/src/main/java/org/gcube/oidc/rest/OpenIdConnectRESTHelper.java 
@@ -40,9 +40,7 @@ public class OpenIdConnectRESTHelper { String q = params.entrySet().stream().flatMap(p -> p.getValue().stream().map(v -> p.getKey() + "=" + v)) .reduce((p1, p2) -> p1 + "&" + p2).orElse(""); - if (logger.isDebugEnabled()) { - logger.debug("Query string is: " + q); - } + logger.debug("Query string is: {}", q); return q; } @@ -70,16 +68,12 @@ public class OpenIdConnectRESTHelper { Map> params) throws Exception { - if (logger.isDebugEnabled()) { - logger.debug("Querying access token from OIDC server with URL: " + tokenURL); - } + logger.debug("Querying access token from OIDC server with URL: {}", tokenURL); HttpURLConnection httpURLConnection = performURLEncodedPOSTSendData(tokenURL, params, authorization); StringBuilder sb = new StringBuilder(); int httpResultCode = httpURLConnection.getResponseCode(); - if (logger.isTraceEnabled()) { - logger.trace("HTTP Response code: " + httpResultCode); - } + logger.trace("HTTP Response code: {}", httpResultCode); if (httpResultCode != HttpURLConnection.HTTP_OK) { BufferedReader br = new BufferedReader(new InputStreamReader(httpURLConnection.getErrorStream(), "UTF-8")); String line = null; @@ -109,17 +103,13 @@ public class OpenIdConnectRESTHelper { con.setRequestProperty("Content-Type", "application/x-www-form-urlencoded"); con.setRequestProperty("Accept", "application/json"); if (authorization != null) { - if (logger.isDebugEnabled()) { - logger.debug("Adding authorization header as: " + authorization); - } + logger.debug("Adding authorization header as: {}", authorization); con.setRequestProperty("Authorization", authorization); } OutputStream os = con.getOutputStream(); String queryString = mapToQueryString(params); - if (logger.isDebugEnabled()) { - logger.debug("Parameters query string is: " + queryString); - } + logger.debug("Parameters query string is: {}", queryString); os.write(queryString.getBytes("UTF-8")); os.close(); return con; 
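Review bot: `logger.debug("Query string is: {}", q);` in the `-40,9` hunk writes the complete form body to the log, and for a token endpoint that body normally carries credentials (client secret, password, refresh token or authorization code, depending on the grant). The `-109,17` hunk has the same problem twice: `logger.debug("Adding authorization header as: {}", authorization);` records the header value itself and `logger.debug("Parameters query string is: {}", queryString);` repeats the body. Removing the `isDebugEnabled()` guards does not change what is logged, but these are the lines to fix while they are being touched: log names only, e.g. `logger.debug("Query string parameters: {}", params.keySet());` and `logger.debug("Adding authorization header");`. Separately, keys and values are joined as `p.getKey() + "=" + v` with no URL encoding visible here, so unless callers pre-encode, a value containing `&` or `=` alters the parameters that are sent.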
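Review bot: In the non-200 branch of the `-70,16` hunk, `httpURLConnection.getErrorStream()` is passed straight to `new InputStreamReader(...)`, but that method returns null when the server sent no error body, so the error path can fail with a NullPointerException instead of reporting the HTTP status. Guard it, for example `InputStream err = httpURLConnection.getErrorStream(); if (err != null) { ... }`, and open the reader in a try-with-resources so it is closed if reading throws. The rest of the branch is outside the hunk, so whether `br` is closed later cannot be seen from here.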
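Review bot: In the `-109,17` hunk `os.close()` is reached only when `os.write(...)` succeeds, so a write failure leaves the connection's output stream open. Compute `mapToQueryString(params)` first and then use `try (OutputStream os = con.getOutputStream()) { os.write(queryString.getBytes(StandardCharsets.UTF_8)); }`, which closes the stream on every path and avoids the charset-name lookup; it needs `java.nio.charset.StandardCharsets` imported. The method starts outside the hunk.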
@@ -170,14 +160,10 @@ public class OpenIdConnectRESTHelper { protected static String getClientIdFromToken(JWTToken token) { String clientId; - if (logger.isDebugEnabled()) { - logger.debug("Client id not provided, using authorized party field (azp)"); - } + logger.debug("Client id not provided, using authorized party field (azp)"); clientId = token.getAzp(); if (clientId == null) { - if (logger.isDebugEnabled()) { - logger.debug("Authorized party field (azp) not present, getting one of the audience field (aud)"); - } + logger.debug("Authorized party field (azp) not present, getting one of the audience field (aud)"); clientId = getFirstAudienceNoAccount(token); } return clientId; @@ -213,7 +199,7 @@ public class OpenIdConnectRESTHelper { logger.info("Logout performed correctly"); return true; } else { - logger.error("Cannot perfrom logout: [" + responseCode + "] " + httpURLConnection.getResponseMessage()); + logger.error("Cannot perfrom logout: [{}] {}", responseCode, httpURLConnection.getResponseMessage()); } return false; } diff --git a/src/test/java/org/gcube/oidc/rest/RestHelperTest.java b/src/test/java/org/gcube/oidc/rest/RestHelperTest.java index fdfe295..99dc4f0 100644 --- a/src/test/java/org/gcube/oidc/rest/RestHelperTest.java +++ b/src/test/java/org/gcube/oidc/rest/RestHelperTest.java 
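Review bot: The message rewritten in the `-213,7` hunk keeps the typo `perfrom`, which makes the line hard to find when searching logs for failed logouts. Since the line is being edited anyway, use `logger.error("Cannot perform logout: [{}] {}", responseCode, httpURLConnection.getResponseMessage());`.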
@@ -9,8 +9,13 @@ public class RestHelperTest { public static void main(String[] args) throws Exception { URL tokenURL = new URL("https://nubis2.int.d4science.net/auth/realms/d4science/protocol/openid-connect/token"); - System.out.println(OpenIdConnectRESTHelper.queryClientToken( - "lr62_portal", "28726d01-9f24-4ef4-a057-3d208d96aaa0", tokenURL)); + JWTToken token = OpenIdConnectRESTHelper.queryClientToken("lr62_portal", "28726d01-9f24-4ef4-a057-3d208d96aaa0", + tokenURL); + +// System.out.println(token.getExpAsDate()); + System.out.println(token.getAzp()); +// Thread.sleep((token.getExp() * 1000 - System.currentTimeMillis() + 5000)); +// System.out.println(token.isExpired()); } }
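Review bot: The reformatted `queryClientToken(...)` call still passes the client id and the client secret as string literals next to the realm's token URL, so a usable credential for that client is stored in the repository and stays in its history. Read both from the environment or from system properties, e.g. `System.getenv("OIDC_CLIENT_SECRET")` (the variable name is only an example), and rotate the secret that has already been committed. The commented-out `System.out.println` and `Thread.sleep` lines should be removed or turned into a real test with assertions rather than left in `main`.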