# HG changeset patch # User Severin Gehwolf # Date 1369128814 -7200 # Node ID 6d696f9181d62292d2d07e5412f33a63af501652 # Parent d628eebb5eeaec2df17376a1fa1bdec1c8ce7604 Log verbose messages only if debug is enabled for JAAS login modules. Reviewed-by: vanaltj Review-thread: http://icedtea.classpath.org/pipermail/thermostat/2013-May/006689.html diff -r d628eebb5eea -r 6d696f9181d6 distribution/config/thermostat_jaas.conf --- a/distribution/config/thermostat_jaas.conf Mon May 27 10:53:53 2013 -0600 +++ b/distribution/config/thermostat_jaas.conf Tue May 21 11:33:34 2013 +0200 @@ -1,7 +1,7 @@ ThermostatJAASLogin { - com.redhat.thermostat.web.server.auth.spi.DelegateLoginModule required debug=true; + com.redhat.thermostat.web.server.auth.spi.DelegateLoginModule required debug=false; }; ThermostatJAASDelegate { - com.redhat.thermostat.web.server.auth.spi.PropertiesUsernameRolesLoginModule required debug=true; -}; \ No newline at end of file + com.redhat.thermostat.web.server.auth.spi.PropertiesUsernameRolesLoginModule required debug=false; +}; diff -r d628eebb5eea -r 6d696f9181d6 web/server/src/main/java/com/redhat/thermostat/web/server/auth/spi/AbstractLoginModule.java --- a/web/server/src/main/java/com/redhat/thermostat/web/server/auth/spi/AbstractLoginModule.java Mon May 27 10:53:53 2013 -0600 +++ b/web/server/src/main/java/com/redhat/thermostat/web/server/auth/spi/AbstractLoginModule.java Tue May 21 11:33:34 2013 +0200 @@ -37,9 +37,11 @@ package com.redhat.thermostat.web.server.auth.spi; import java.io.IOException; +import java.util.Map; import java.util.logging.Level; import java.util.logging.Logger; +import javax.security.auth.Subject; import javax.security.auth.callback.Callback; import javax.security.auth.callback.CallbackHandler; import javax.security.auth.callback.NameCallback; 
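Review bot: The `debug` flag flipped to false in both module entries is now the only thing that decides whether usernames, property-file paths and login exceptions are written to the log at all, but the file gives an operator no hint of that. A one-line comment above each entry would stop the flag from being left on in production, e.g. `// debug=true logs usernames and login failures at FINEST; keep false outside development`. The JDK's JAAS ConfigFile parser accepts Java-style `//` comments as far as I recall — confirm against the container's parser before relying on it.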
@@ -58,6 +60,16 @@ private static final Logger logger = LoggingUtils.getLogger(AbstractLoginModule.class); protected CallbackHandler callBackHandler; + protected Subject subject; + protected boolean debug = false; + + @Override + public void initialize(Subject subject, CallbackHandler callbackHandler, + Map sharedState, Map options) { + this.subject = subject; + this.callBackHandler = callbackHandler; + this.debug = "true".equalsIgnoreCase((String)options.get("debug")); + } /** * Get username and password from the callback. diff -r d628eebb5eea -r 6d696f9181d6 web/server/src/main/java/com/redhat/thermostat/web/server/auth/spi/DelegateLoginModule.java --- a/web/server/src/main/java/com/redhat/thermostat/web/server/auth/spi/DelegateLoginModule.java Mon May 27 10:53:53 2013 -0600 +++ b/web/server/src/main/java/com/redhat/thermostat/web/server/auth/spi/DelegateLoginModule.java Tue May 21 11:33:34 2013 +0200 @@ -71,7 +71,6 @@ private static final String JAAS_DELEGATE_CONFIG_NAME = "ThermostatJAASDelegate"; // the delegate private LoginContext delegateContext; - private Subject subject; private String username; /** * The config name to use. Defaults to {@linkplain DelegateLoginModule#JAAS_DELEGATE_CONFIG_NAME} 
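Review bot: `(String) options.get("debug")` in the new `initialize` assumes the option value is a `String`; the JAAS `LoginModule` contract declares `options` as `Map<String,?>`, so a `Boolean` supplied by code that builds the configuration programmatically would abort login with a `ClassCastException`, and a null map would NPE. A type-agnostic read costs two lines: `Object dbg = options == null ? null : options.get("debug");` followed by `this.debug = dbg != null && "true".equalsIgnoreCase(dbg.toString());`. Since `subject`, `callBackHandler` and `debug` are now `protected` state that subclasses depend on, a short Javadoc on the method stating that overriders must call `super.initialize(...)` before using those fields would also help — both subclasses in this patch already do so.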
@@ -94,19 +93,20 @@ @Override public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) { - this.subject = subject; - this.callBackHandler = callbackHandler; + super.initialize(subject, callbackHandler, sharedState, options); /* * Create and initialize the delegate */ try { this.delegateContext = new LoginContext(configName, subject, callbackHandler); - logger.log(Level.FINEST, "successfully created delegate login context"); + if (debug) { + logger.log(Level.FINEST, "successfully created delegate login context"); + } } catch (LoginException e) { // This only happens if there is no "ThermostatJAASDelegate" config // and also no configuration with the name "other", which is likely // always there for real application servers. - String message = "Could not initialize delegate. " + + String message = "Fatal: Could not initialize delegate. " + "'ThermostatJAASDelegate' " + "and 'other' login modules are both not configured!"; logger.log(Level.SEVERE, message, e); @@ -119,13 +119,17 @@ boolean loginOk = false; try { username = super.getUsernameFromCallBack(); - logger.log(Level.FINEST, "Attempt to login as " + username + "(using delegate)"); delegateContext.login(); loginOk = true; - logger.log(Level.FINEST, "Login succeeded"); + if (debug) { + logger.log(Level.FINEST, "Login succeeded for " + username + " using the delegate."); + } } catch (LoginException e) { - // This has a level of fine since it's just a plain login failure - logger.log(Level.FINEST, "Login failed", e); + if (debug) { + // This only shows up if debug is turned on + // since it's just a plain login failure. + logger.log(Level.FINEST, "Login failed", e); + } throw e; } return loginOk; 
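Review bot: In the `login()` hunk the `Login failed` record is now emitted only when `debug` is on, so with the shipped `debug=false` a run of failed delegate logins leaves no trace in the log — the one authentication event an operator most wants when looking for brute-force attempts. Keep the stack trace behind the flag but record the failure itself unconditionally at FINE, placed before the `if (debug)` block: `logger.log(Level.FINE, "Login failed for user '" + username + "' via delegate");`. `username` is whatever the callback returned from the client, so it is untrusted text; the quotes help, but do not rely on it being single-line if the log is machine-parsed. `login()` begins before this hunk and its closing brace is after `return loginOk;`, outside the view.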
@@ -150,7 +154,7 @@ if (p.getName().equals(username)) { // add our user principal if (userPrincipal != null) { - logger.log(Level.SEVERE, "> 1 user principals!"); + logger.log(Level.SEVERE, "Fatal: > 1 user principals!"); throw new IllegalStateException("> 1 user principals!"); } userPrincipal = new UserPrincipal(username); @@ -179,7 +183,9 @@ // with these roles from the web storage servlet. userPrincipal.setRoles(roles); - logger.log(Level.FINEST, "Committed changes for '" + username + "'"); + if (debug) { + logger.log(Level.FINEST, "Committed changes for '" + username + "'"); + } return true; } @@ -190,7 +196,9 @@ Set principals = subject.getPrincipals(); principals.clear(); } - logger.log(Level.FINEST, "Aborted login!"); + if (debug) { + logger.log(Level.FINEST, "Login aborted!"); + } return true; } @@ -200,10 +208,14 @@ delegateContext.logout(); Set principals = subject.getPrincipals(); principals.clear(); - logger.log(Level.FINEST, "Logged out"); + if (debug) { + logger.log(Level.FINEST, "Logged out successfully!"); + } return true; } catch (LoginException e) { - logger.log(Level.FINEST, "Logout failed!", e); + if (debug) { + logger.log(Level.FINEST, "Logout failed!" + e.getMessage()); + } return false; } } diff -r d628eebb5eea -r 6d696f9181d6 web/server/src/main/java/com/redhat/thermostat/web/server/auth/spi/PropertiesUsernameRolesLoginModule.java --- a/web/server/src/main/java/com/redhat/thermostat/web/server/auth/spi/PropertiesUsernameRolesLoginModule.java Mon May 27 10:53:53 2013 -0600 +++ b/web/server/src/main/java/com/redhat/thermostat/web/server/auth/spi/PropertiesUsernameRolesLoginModule.java Tue May 21 11:33:34 2013 +0200 
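Review bot: In `logout()` the failure path now logs `"Logout failed!" + e.getMessage()` and no longer passes `e`, so the stack trace is gone and the detail runs straight into the prefix with no separator (and prints `null` when the exception has no message). The previous form was better; keep `logger.log(Level.FINEST, "Logout failed!", e);` inside the `if (debug)` block. Separately, the context lines show `principals.clear()` running only after `delegateContext.logout()` returns, so a delegate logout that throws leaves the subject's principals in place while `logout()` reports false — clearing in a `finally`, or before the delegate call, looks safer, though the method's signature and closing brace are outside the hunk so I may be missing a guard there.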
@@ -70,9 +70,8 @@ */ public class PropertiesUsernameRolesLoginModule extends AbstractLoginModule { - private static Logger logger = LoggingUtils.getLogger(PropertiesUsernameRolesLoginModule.class); + private static final Logger logger = LoggingUtils.getLogger(PropertiesUsernameRolesLoginModule.class); - private Subject subject; // The validator to use for authentication private UserValidator validator; private RolesAmender amender; @@ -83,8 +82,7 @@ @Override public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) { - this.subject = subject; - this.callBackHandler = callbackHandler; + super.initialize(subject, callbackHandler, sharedState, options); this.validator = getValidator((String) options.get("users.properties")); this.amender = getRolesAmender((String) options.get("roles.properties"), validator.getAllKnownUsers()); @@ -92,7 +90,9 @@ @Override public boolean login() throws LoginException { - logger.log(Level.FINEST, "Logging in"); + if (debug) { + logger.log(Level.FINEST, "Logging in ..."); + } loginOK = false; char[] password = null; try { @@ -100,10 +100,14 @@ username = (String)creds[0]; password = (char[])creds[1]; validator.authenticate(username, password); - logger.log(Level.FINEST, "Logged in user '" + username + "'"); loginOK = true; + if (debug) { + logger.log(Level.FINEST, "Logged in successfully: user == '" + username + "'"); + } } catch (UserValidationException e) { - logger.log(Level.FINE, "Authentication failed for user '" + username + "'"); + if (debug) { + logger.log(Level.INFO, "Authentication failed for user '" + username + "'"); + } throw new LoginException(e.getMessage()); } finally { clearPassword(password); 
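Review bot: The authentication-failure message in `login()` was raised to `Level.INFO` but wrapped in `if (debug)`, which is contradictory: INFO is on by default, yet the guard means a wrong password never reaches the log unless debug is enabled, so the shipped `debug=false` configuration records no failed logins at all. Drop the guard for this one line and use a quiet-but-on level, `logger.log(Level.FINE, "Authentication failed for user '" + username + "'");`, while keeping the successful-login message behind `debug` as the patch does. `username` comes from the callback (client-supplied), so treat it as untrusted text in the log; the surrounding quotes are a reasonable start. The `catch` continues into `finally { clearPassword(password); }` on the last line of the hunk, and the method's closing brace is outside the view.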
@@ -116,7 +120,9 @@ if (loginOK == false) { return false; } - logger.log(Level.FINEST, "Committing principals for user '" + username + "'"); + if (debug) { + logger.log(Level.FINEST, "Committing principals for user '" + username + "'"); + } Set principals = subject.getPrincipals(); // Tomcat uses classes as specified by the LoginModule config // in order to distinguish between user principals and role principals @@ -127,7 +133,9 @@ try { roles = amender.getRoles(username); } catch (IllegalStateException e) { - logger.log(Level.FINE, "Failed to commit", e); + if (debug) { + logger.log(Level.INFO, "Failed to commit" + e.getMessage()); + } throw new LoginException(); } principals.addAll(roles); @@ -145,15 +153,19 @@ @Override public boolean abort() throws LoginException { - logger.log(Level.FINEST, "aborting"); clearPrincipals(); + if (debug) { + logger.log(Level.FINEST, "Login aborted!"); + } return true; } @Override public boolean logout() throws LoginException { - logger.log(Level.FINEST, "logging out"); clearPrincipals(); + if (debug) { + logger.log(Level.FINEST, "Logged out!"); + } return true; } 
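Review bot: In `commit()` the role-lookup failure is now logged as `"Failed to commit" + e.getMessage()` under `if (debug)`: the exception object is dropped (no stack trace), there is no separator before the detail, and INFO under a debug guard has the same on/off contradiction as the login path — a role-mapping failure that denies a valid user access should be visible without debug. Suggest `logger.log(Level.FINE, "Failed to commit roles for user '" + username + "'", e);` outside the guard. The `throw new LoginException();` on the following context line is unchanged by the patch but carries neither message nor cause, so a caller cannot distinguish it from a password failure; passing `e.getMessage()` as the other catch in this file does would at least be consistent. `commit()` starts before the hunk and continues past `principals.addAll(roles);`.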
@@ -175,17 +187,21 @@ UserValidator validator = null; try { if (usersProperties == null) { + if (debug) { + logger.log(Level.FINEST, "Using default user database"); + } validator = new PropertiesUserValidator(); - logger.log(Level.FINE, "Using default user database"); } else { - logger.log(Level.FINE, "Using user database as defined in file '" + usersProperties + "'"); + if (debug) { + logger.log(Level.FINEST, "Using user database as defined in file '" + usersProperties + "'"); + } validator = new PropertiesUserValidator(usersProperties); } } catch (Throwable e) { - // Can't continue at this point, since we this for + // Can't continue at this point, since we need this for // authentication. - String msg = "Failed to initialize user database"; - logger.log(Level.SEVERE, msg, e); + String msg = "Fatal: Failed to initialize user database"; + logger.log(Level.SEVERE, msg, e); throw new RuntimeException(msg); } return validator; @@ -195,16 +211,20 @@ RolesAmender roleAmender = null; try { if (rolesProperties == null) { + if (debug) { + logger.log(Level.FINEST, "Using default roles database"); + } roleAmender = new RolesAmender(users); - logger.log(Level.FINE, "Using default roles database"); } else { - logger.log(Level.FINE, "Using roles database as defined in file '" + rolesProperties + "'"); + if (debug) { + logger.log(Level.FINEST, "Using roles database as defined in file '" + rolesProperties + "'"); + } roleAmender = new RolesAmender(rolesProperties, users); } } catch (Throwable e) { - // Can't continue at this point, since we this for + // Can't continue at this point, since we need this for // authentication. - String msg = "Failed to initialize role/user mapping database"; + String msg = "Fatal: Failed to initialize role/user mapping database"; logger.log(Level.SEVERE, msg, e); throw new RuntimeException(msg, e); }
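Review bot: In `getValidator` the patch rewrites the catch block's message but leaves the adjacent `throw new RuntimeException(msg);` without the cause, while the sibling `getRolesAmender` in the next hunk throws `new RuntimeException(msg, e)`; the SEVERE log line carries `e`, so the stack is not lost, but anything catching the exception sees a different shape from the two methods. Make them consistent: `throw new RuntimeException(msg, e);`. The debug-gated FINEST line now prints the `users.properties` path, which is fine at that level but will appear in the log whenever debug is on. The method signatures sit outside the hunk, so I cannot see their visibility.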