From 1609e66c5c583e51bc5d7e955e48557edde972f0 Mon Sep 17 00:00:00 2001 From: Sahan Dilshan Date: Wed, 19 Jul 2023 10:06:46 +0530 Subject: [PATCH] Refactor logs with constants --- .../endpoint/authz/OAuth2AuthzEndpoint.java | 93 +++++++++++-------- .../endpoint/token/OAuth2TokenEndpoint.java | 21 +++-- .../endpoint/util/EndpointConstants.java | 60 ++++++++++++ .../oauth/endpoint/util/EndpointUtil.java | 10 +- .../identity/oauth2/OAuth2Constants.java | 34 +++++++ .../handlers/AbstractResponseTypeHandler.java | 22 +++-- .../util/ResponseTypeHandlerUtil.java | 24 +++-- .../oauth2/token/AccessTokenIssuer.java | 22 +++-- .../grant/AuthorizationCodeGrantHandler.java | 21 ++--- .../OpenIDConnectClaimFilterImpl.java | 3 +- pom.xml | 2 +- 11 files changed, 224 insertions(+), 88 deletions(-) create mode 100644 components/org.wso2.carbon.identity.oauth.endpoint/src/main/java/org/wso2/carbon/identity/oauth/endpoint/util/EndpointConstants.java diff --git a/components/org.wso2.carbon.identity.oauth.endpoint/src/main/java/org/wso2/carbon/identity/oauth/endpoint/authz/OAuth2AuthzEndpoint.java b/components/org.wso2.carbon.identity.oauth.endpoint/src/main/java/org/wso2/carbon/identity/oauth/endpoint/authz/OAuth2AuthzEndpoint.java index 51b7f543a0d..784c6b095af 100644 --- a/components/org.wso2.carbon.identity.oauth.endpoint/src/main/java/org/wso2/carbon/identity/oauth/endpoint/authz/OAuth2AuthzEndpoint.java +++ b/components/org.wso2.carbon.identity.oauth.endpoint/src/main/java/org/wso2/carbon/identity/oauth/endpoint/authz/OAuth2AuthzEndpoint.java @@ -60,6 +60,7 @@ import org.wso2.carbon.identity.application.common.model.ServiceProvider; import org.wso2.carbon.identity.application.common.model.ServiceProviderProperty; import org.wso2.carbon.identity.base.IdentityConstants; +import org.wso2.carbon.identity.central.log.mgt.utils.LogConstants; import org.wso2.carbon.identity.central.log.mgt.utils.LoggerUtils; import org.wso2.carbon.identity.claim.metadata.mgt.ClaimMetadataHandler; import org.wso2.carbon.identity.claim.metadata.mgt.exception.ClaimMetadataException; @@ -87,6 +88,7 @@ import org.wso2.carbon.identity.oauth.endpoint.exception.InvalidRequestException; import org.wso2.carbon.identity.oauth.endpoint.exception.InvalidRequestParentException; import org.wso2.carbon.identity.oauth.endpoint.message.OAuthMessage; +import org.wso2.carbon.identity.oauth.endpoint.util.EndpointConstants; import org.wso2.carbon.identity.oauth.endpoint.util.EndpointUtil; import org.wso2.carbon.identity.oauth.endpoint.util.OpenIDConnectUserRPStore; import org.wso2.carbon.identity.oauth.extension.engine.JSEngine; @@ -179,6 +181,7 @@ import static org.wso2.carbon.identity.oauth.endpoint.state.OAuthAuthorizeState.INITIAL_REQUEST; import static org.wso2.carbon.identity.oauth.endpoint.state.OAuthAuthorizeState.PASSTHROUGH_TO_COMMONAUTH; import static org.wso2.carbon.identity.oauth.endpoint.state.OAuthAuthorizeState.USER_CONSENT_RESPONSE; +import static org.wso2.carbon.identity.oauth.endpoint.util.EndpointConstants.LogConstants.InputKeys.RESPONSE_TYPE; import static org.wso2.carbon.identity.oauth.endpoint.util.EndpointUtil.getErrorPageURL; import static org.wso2.carbon.identity.oauth.endpoint.util.EndpointUtil.getLoginPageURL; import static org.wso2.carbon.identity.oauth.endpoint.util.EndpointUtil.getOAuth2Service; @@ -571,7 +574,8 @@ private Response handleResponseFromConsent(OAuthMessage oAuthMessage) throws OAu if (LoggerUtils.isDiagnosticLogsEnabled()) { DiagnosticLog.DiagnosticLogBuilder diagnosticLogBuilder = new DiagnosticLog.DiagnosticLogBuilder( - OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, "receive-consent-response"); + OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, + EndpointConstants.LogConstants.ActionIDs.RECEIVE_CONSENT_RESPONSE); if (oAuthMessage.getRequest() != null && MapUtils.isNotEmpty(oAuthMessage.getRequest().getParameterMap())) { oAuthMessage.getRequest().getParameterMap().forEach((key, value) -> { if (ArrayUtils.isNotEmpty(value)) { @@ -987,7 +991,8 @@ private Response handleAuthenticationResponse(OAuthMessage oAuthMessage) if (LoggerUtils.isDiagnosticLogsEnabled()) { DiagnosticLog.DiagnosticLogBuilder diagnosticLogBuilder = new DiagnosticLog.DiagnosticLogBuilder( - OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, "receive-authn-response"); + OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, + EndpointConstants.LogConstants.ActionIDs.RECEIVE_AUTHENTICATION_RESPONSE); if (oAuthMessage.getRequest() != null && MapUtils.isNotEmpty(oAuthMessage.getRequest().getParameterMap())) { oAuthMessage.getRequest().getParameterMap().forEach((key, value) -> { if (ArrayUtils.isNotEmpty(value)) { @@ -1031,15 +1036,17 @@ private Response handleAuthenticationResponse(OAuthMessage oAuthMessage) } if (LoggerUtils.isDiagnosticLogsEnabled()) { DiagnosticLog.DiagnosticLogBuilder diagnosticLogBuilder = new DiagnosticLog.DiagnosticLogBuilder( - OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, "validate-authn-status"); - diagnosticLogBuilder.inputParam("application name", oauth2Params.getApplicationName()) - .inputParam("client id", oAuthMessage.getClientId()) - .inputParam("tenant domain", tenantDomain) + OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, + EndpointConstants.LogConstants.ActionIDs.VALIDATE_AUTHENTICATION_RESPONSE); + diagnosticLogBuilder.inputParam(LogConstants.InputKeys.APPLICATION_NAME, + oauth2Params.getApplicationName()) + .inputParam(LogConstants.InputKeys.CLIENT_ID, oAuthMessage.getClientId()) + .inputParam(LogConstants.InputKeys.TENANT_DOMAIN, tenantDomain) .logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION); if (userIdentifier != null) { - diagnosticLogBuilder.inputParam("authenticated user id", userIdentifier); + diagnosticLogBuilder.inputParam(LogConstants.InputKeys.USER_ID, userIdentifier); if (LoggerUtils.isLogMaskingEnable) { - diagnosticLogBuilder.inputParam("authenticated user (masked)", + diagnosticLogBuilder.inputParam(LogConstants.InputKeys.USER, LoggerUtils.getMaskedContent(authnResult.getSubject().getUserName())); } } @@ -1268,7 +1275,8 @@ private Response handleInitialAuthorizationRequest(OAuthMessage oAuthMessage) th if (LoggerUtils.isDiagnosticLogsEnabled()) { DiagnosticLog.DiagnosticLogBuilder diagnosticLogBuilder = new DiagnosticLog.DiagnosticLogBuilder( - OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, "receive-authz-request"); + OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, + EndpointConstants.LogConstants.ActionIDs.RECEIVE_AUTHORIZATION_RESPONSE); if (oAuthMessage.getRequest() != null && MapUtils.isNotEmpty(oAuthMessage.getRequest().getParameterMap())) { oAuthMessage.getRequest().getParameterMap().forEach((key, value) -> { if (ArrayUtils.isNotEmpty(value)) { @@ -1533,13 +1541,14 @@ private String handleServerErrorAuthorization(OAuthMessage oAuthMessage, OIDCSes authorizationResponseDTO.setError(HttpServletResponse.SC_FOUND, errorMsg, errorCode); if (LoggerUtils.isDiagnosticLogsEnabled()) { DiagnosticLog.DiagnosticLogBuilder diagnosticLogBuilder = new DiagnosticLog.DiagnosticLogBuilder( - OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, "handle-authorization"); + OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, + EndpointConstants.LogConstants.ActionIDs.HANDLE_AUTHORIZATION); if (oauth2Params != null) { - diagnosticLogBuilder.inputParam("client id", oauth2Params.getClientId()) - .inputParam("application name", oauth2Params.getApplicationName()) - .inputParam("redirect uri", oauth2Params.getRedirectURI()) - .inputParam("scope", oauth2Params.getScopes()) - .inputParam("response type", oauth2Params.getResponseType()); + diagnosticLogBuilder.inputParam(LogConstants.InputKeys.CLIENT_ID, oauth2Params.getClientId()) + .inputParam(LogConstants.InputKeys.APPLICATION_NAME, oauth2Params.getApplicationName()) + .inputParam(LogConstants.InputKeys.REDIREDCT_URI, oauth2Params.getRedirectURI()) + .inputParam(LogConstants.InputKeys.SCOPE, oauth2Params.getScopes()) + .inputParam(RESPONSE_TYPE, oauth2Params.getResponseType()); } diagnosticLogBuilder.resultStatus(DiagnosticLog.ResultStatus.FAILED) .logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION) @@ -1568,13 +1577,14 @@ private String handleFailureAuthorization(OAuthMessage oAuthMessage, OIDCSession authzRespDTO.getErrorCode()); if (LoggerUtils.isDiagnosticLogsEnabled()) { DiagnosticLog.DiagnosticLogBuilder diagnosticLogBuilder = new DiagnosticLog.DiagnosticLogBuilder( - OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, "handle-authorization"); + OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, + EndpointConstants.LogConstants.ActionIDs.HANDLE_AUTHORIZATION); if (oauth2Params != null) { - diagnosticLogBuilder.inputParam("client id", oauth2Params.getClientId()) - .inputParam("application name", oauth2Params.getApplicationName()) - .inputParam("redirect uri", oauth2Params.getRedirectURI()) - .inputParam("scope", oauth2Params.getScopes()) - .inputParam("response type", oauth2Params.getResponseType()); + diagnosticLogBuilder.inputParam(LogConstants.InputKeys.CLIENT_ID, oauth2Params.getClientId()) + .inputParam(LogConstants.InputKeys.APPLICATION_NAME, oauth2Params.getApplicationName()) + .inputParam(LogConstants.InputKeys.REDIREDCT_URI, oauth2Params.getRedirectURI()) + .inputParam(LogConstants.InputKeys.SCOPE, oauth2Params.getScopes()) + .inputParam(RESPONSE_TYPE, oauth2Params.getResponseType()); } diagnosticLogBuilder.resultStatus(DiagnosticLog.ResultStatus.FAILED) .resultMessage("Error occurred while processing the authorization: " + errorMsg) @@ -1588,15 +1598,16 @@ private String handleAuthorizationFailureBeforeConsent(OAuthMessage oAuthMessage OAuth2AuthorizeRespDTO authzRespDTO) { DiagnosticLog.DiagnosticLogBuilder diagnosticLogBuilder = new DiagnosticLog.DiagnosticLogBuilder( - OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, "validate-scopes-before-consent"); + OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, + EndpointConstants.LogConstants.ActionIDs.VALIDATE_SCOPES_BEFORE_CONSENT); LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder); String errorMsg = authzRespDTO.getErrorMsg() != null ? authzRespDTO.getErrorMsg() : "Error occurred while processing authorization request."; OAuthProblemException oauthProblemException = OAuthProblemException.error( authzRespDTO.getErrorCode(), errorMsg); - diagnosticLogBuilder.inputParam("client id", oauth2Params.getClientId()) - .inputParam("application name", oauth2Params.getApplicationName()) - .inputParam("redirect uri", authzRespDTO.getCallbackURI()) + diagnosticLogBuilder.inputParam(LogConstants.InputKeys.CLIENT_ID, oauth2Params.getClientId()) + .inputParam(LogConstants.InputKeys.APPLICATION_NAME, oauth2Params.getApplicationName()) + .inputParam(LogConstants.InputKeys.REDIREDCT_URI, authzRespDTO.getCallbackURI()) .resultMessage("Error occurred when processing the authorization request before consent. " + authzRespDTO.getErrorMsg()) .resultStatus(DiagnosticLog.ResultStatus.FAILED) @@ -1658,11 +1669,12 @@ private OAuthResponse handleSuccessAuthorization(OAuthMessage oAuthMessage, OIDC } if (LoggerUtils.isDiagnosticLogsEnabled()) { DiagnosticLog.DiagnosticLogBuilder diagnosticLogBuilder = new DiagnosticLog.DiagnosticLogBuilder( - OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, "generate-response"); - diagnosticLogBuilder.inputParam("client id", oauth2Params.getClientId()) - .inputParam("application name", oauth2Params.getApplicationName()) - .inputParam("redirect uri", redirectURL) - .inputParam("response mode", oauth2Params.getResponseMode()) + OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, + EndpointConstants.LogConstants.ActionIDs.HANDLE_AUTHORIZATION); + diagnosticLogBuilder.inputParam(LogConstants.InputKeys.CLIENT_ID, oauth2Params.getClientId()) + .inputParam(LogConstants.InputKeys.APPLICATION_NAME, oauth2Params.getApplicationName()) + .inputParam(LogConstants.InputKeys.REDIREDCT_URI, redirectURL) + .inputParam(RESPONSE_TYPE, oauth2Params.getResponseMode()) .inputParam("authorized scopes", authzRespDTO.getScope()) .resultMessage("Successfully generated oauth response.") .resultStatus(DiagnosticLog.ResultStatus.SUCCESS) @@ -2739,9 +2751,10 @@ private String doUserAuthorization(OAuthMessage oAuthMessage, String sessionData try { if (LoggerUtils.isDiagnosticLogsEnabled()) { DiagnosticLog.DiagnosticLogBuilder diagnosticLogBuilder = new DiagnosticLog.DiagnosticLogBuilder( - OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, "validate-scopes-before-consent"); - diagnosticLogBuilder.inputParam("client id", oauth2Params.getClientId()) - .inputParam("application name", oauth2Params.getApplicationName()) + OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, + EndpointConstants.LogConstants.ActionIDs.VALIDATE_SCOPES_BEFORE_CONSENT); + diagnosticLogBuilder.inputParam(LogConstants.InputKeys.CLIENT_ID, oauth2Params.getClientId()) + .inputParam(LogConstants.InputKeys.APPLICATION_NAME, oauth2Params.getApplicationName()) .inputParam("scopes to be validate", oauth2Params.getScopes()) .resultStatus(DiagnosticLog.ResultStatus.SUCCESS) .resultMessage("Scope validation started.") @@ -2751,9 +2764,10 @@ private String doUserAuthorization(OAuthMessage oAuthMessage, String sessionData validateScopesBeforeConsent(oAuthMessage, oauth2Params, authzReqDTO); if (LoggerUtils.isDiagnosticLogsEnabled()) { DiagnosticLog.DiagnosticLogBuilder diagnosticLogBuilder = new DiagnosticLog.DiagnosticLogBuilder( - OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, "validate-scopes-before-consent"); - diagnosticLogBuilder.inputParam("client id", oauth2Params.getClientId()) - .inputParam("application name", oauth2Params.getApplicationName()) + OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, + EndpointConstants.LogConstants.ActionIDs.VALIDATE_SCOPES_BEFORE_CONSENT); + diagnosticLogBuilder.inputParam(LogConstants.InputKeys.CLIENT_ID, oauth2Params.getClientId()) + .inputParam(LogConstants.InputKeys.APPLICATION_NAME, oauth2Params.getApplicationName()) .inputParam("scopes after validation", oauth2Params.getScopes()) .resultStatus(DiagnosticLog.ResultStatus.SUCCESS) .resultMessage("Scope validation completed.") @@ -3654,11 +3668,12 @@ private Response handleAuthFlowThroughFramework(OAuthMessage oAuthMessage, Strin if (LoggerUtils.isDiagnosticLogsEnabled()) { DiagnosticLog.DiagnosticLogBuilder diagnosticLogBuilder = new DiagnosticLog.DiagnosticLogBuilder( - OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, "hand-over-to-framework") + OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, + EndpointConstants.LogConstants.ActionIDs.HAND_OVER_TO_FRAMEWORK) .resultMessage("Forward authorization request to framework for user authentication.") .resultStatus(DiagnosticLog.ResultStatus.SUCCESS) - .inputParam("client id", oAuthMessage.getClientId()) - .logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION); + .inputParam(LogConstants.InputKeys.CLIENT_ID, oAuthMessage.getClientId()) + .logDetailLevel(DiagnosticLog.LogDetailLevel.INTERNAL_SYSTEM); LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder); } try { diff --git a/components/org.wso2.carbon.identity.oauth.endpoint/src/main/java/org/wso2/carbon/identity/oauth/endpoint/token/OAuth2TokenEndpoint.java b/components/org.wso2.carbon.identity.oauth.endpoint/src/main/java/org/wso2/carbon/identity/oauth/endpoint/token/OAuth2TokenEndpoint.java index a2a5beac5ad..192ecb60dcf 100644 --- a/components/org.wso2.carbon.identity.oauth.endpoint/src/main/java/org/wso2/carbon/identity/oauth/endpoint/token/OAuth2TokenEndpoint.java +++ b/components/org.wso2.carbon.identity.oauth.endpoint/src/main/java/org/wso2/carbon/identity/oauth/endpoint/token/OAuth2TokenEndpoint.java @@ -30,6 +30,7 @@ import org.apache.oltu.oauth2.common.message.OAuthResponse; import org.apache.oltu.oauth2.common.message.types.GrantType; import org.wso2.carbon.context.PrivilegedCarbonContext; +import org.wso2.carbon.identity.central.log.mgt.utils.LogConstants; import org.wso2.carbon.identity.central.log.mgt.utils.LoggerUtils; import org.wso2.carbon.identity.core.util.IdentityTenantUtil; import org.wso2.carbon.identity.oauth.client.authn.filter.OAuthClientAuthenticatorProxy; @@ -39,6 +40,7 @@ import org.wso2.carbon.identity.oauth.endpoint.exception.InvalidApplicationClientException; import org.wso2.carbon.identity.oauth.endpoint.exception.InvalidRequestParentException; import org.wso2.carbon.identity.oauth.endpoint.exception.TokenEndpointBadRequestException; +import org.wso2.carbon.identity.oauth.endpoint.util.EndpointConstants; import org.wso2.carbon.identity.oauth.endpoint.util.EndpointUtil; import org.wso2.carbon.identity.oauth2.ResponseHeader; import org.wso2.carbon.identity.oauth2.bean.OAuthClientAuthnContext; @@ -64,6 +66,7 @@ import javax.ws.rs.core.Response.ResponseBuilder; import static org.apache.commons.lang.StringUtils.isNotBlank; +import static org.wso2.carbon.identity.oauth.endpoint.util.EndpointUtil.PROP_CLIENT_ID; import static org.wso2.carbon.identity.oauth.endpoint.util.EndpointUtil.parseJsonTokenRequest; import static org.wso2.carbon.identity.oauth.endpoint.util.EndpointUtil.startSuperTenantFlow; import static org.wso2.carbon.identity.oauth.endpoint.util.EndpointUtil.triggerOnTokenExceptionListeners; @@ -96,11 +99,12 @@ public Response issueAccessToken(@Context HttpServletRequest request, String pay } paramMap = parseJsonTokenRequest(payload); DiagnosticLog.DiagnosticLogBuilder diagnosticLogBuilder = new DiagnosticLog.DiagnosticLogBuilder( - OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, "receive-token-request"); - if (MapUtils.isNotEmpty(paramMap) && paramMap.containsKey("client_id")) { - diagnosticLogBuilder.inputParam("client id", paramMap.get("client_id")); + OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, + EndpointConstants.LogConstants.ActionIDs.RECEIVE_TOKEN_REQUEST); + if (MapUtils.isNotEmpty(paramMap) && paramMap.containsKey(PROP_CLIENT_ID)) { + diagnosticLogBuilder.inputParam(LogConstants.InputKeys.CLIENT_ID, paramMap.get(PROP_CLIENT_ID)); } - diagnosticLogBuilder.resultMessage("Successfully received token request.") + diagnosticLogBuilder.resultMessage("Successfully received the token request.") .resultStatus(DiagnosticLog.ResultStatus.SUCCESS) .logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION); LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder); @@ -125,12 +129,13 @@ public Response issueAccessToken(@Context HttpServletRequest request, if (LoggerUtils.isDiagnosticLogsEnabled()) { DiagnosticLog.DiagnosticLogBuilder diagnosticLogBuilder = new DiagnosticLog.DiagnosticLogBuilder( - OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, "receive-token-request"); - if (MapUtils.isNotEmpty(paramMap) && paramMap.containsKey("client_id")) { - diagnosticLogBuilder.inputParam("client id", paramMap.getFirst("client_id")); + OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, + EndpointConstants.LogConstants.ActionIDs.RECEIVE_TOKEN_REQUEST); + if (MapUtils.isNotEmpty(paramMap) && paramMap.containsKey(PROP_CLIENT_ID)) { + diagnosticLogBuilder.inputParam(LogConstants.InputKeys.CLIENT_ID, paramMap.getFirst(PROP_CLIENT_ID)); } diagnosticLogBuilder.resultStatus(DiagnosticLog.ResultStatus.SUCCESS) - .resultMessage("Successfully received token request.") + .resultMessage("Successfully received the token request.") .logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION); LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder); } diff --git a/components/org.wso2.carbon.identity.oauth.endpoint/src/main/java/org/wso2/carbon/identity/oauth/endpoint/util/EndpointConstants.java b/components/org.wso2.carbon.identity.oauth.endpoint/src/main/java/org/wso2/carbon/identity/oauth/endpoint/util/EndpointConstants.java new file mode 100644 index 00000000000..0676b0b377a --- /dev/null +++ b/components/org.wso2.carbon.identity.oauth.endpoint/src/main/java/org/wso2/carbon/identity/oauth/endpoint/util/EndpointConstants.java @@ -0,0 +1,60 @@ +/* + * Copyright (c) 2023, WSO2 LLC. (http://www.wso2.com). + * + * WSO2 LLC. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.wso2.carbon.identity.oauth.endpoint.util; + + +/** + * Constants used in OAuth Endpoint. + */ +public class EndpointConstants { + + private EndpointConstants() { + // To prevent instantiation. + } + + /** + * Constants related to OAuth Endpoint log management. + */ + public static class LogConstants { + + /** + * Define action IDs for diagnostic logs. + */ + public static class ActionIDs { + + public static final String RECEIVE_CONSENT_RESPONSE = "receive-consent-response"; + public static final String RECEIVE_TOKEN_REQUEST = "receive-token-request"; + public static final String RECEIVE_AUTHENTICATION_RESPONSE = "receive-authn-response"; + public static final String VALIDATE_AUTHENTICATION_RESPONSE = "validate-authn-status"; + public static final String RECEIVE_AUTHORIZATION_RESPONSE = "receive-authz-request"; + public static final String HANDLE_AUTHORIZATION = "handle-authorization"; + public static final String VALIDATE_SCOPES_BEFORE_CONSENT = "validate-scopes-before-consent"; + public static final String HAND_OVER_TO_FRAMEWORK = "hand-over-to-framework"; + public static final String PERSIST_OAUTH_SCOPE_CONSENT = "persist-oauth-scope-consent"; + } + + /** + * Define common and reusable Input keys for diagnostic logs. + */ + public static class InputKeys { + + public static final String RESPONSE_TYPE = "response type"; + } + } +} diff --git a/components/org.wso2.carbon.identity.oauth.endpoint/src/main/java/org/wso2/carbon/identity/oauth/endpoint/util/EndpointUtil.java b/components/org.wso2.carbon.identity.oauth.endpoint/src/main/java/org/wso2/carbon/identity/oauth/endpoint/util/EndpointUtil.java index 0230adb6d06..b0eadf31564 100644 --- a/components/org.wso2.carbon.identity.oauth.endpoint/src/main/java/org/wso2/carbon/identity/oauth/endpoint/util/EndpointUtil.java +++ b/components/org.wso2.carbon.identity.oauth.endpoint/src/main/java/org/wso2/carbon/identity/oauth/endpoint/util/EndpointUtil.java @@ -54,6 +54,7 @@ import org.wso2.carbon.identity.application.common.util.IdentityApplicationConstants; import org.wso2.carbon.identity.application.common.util.IdentityApplicationManagementUtil; import org.wso2.carbon.identity.application.mgt.ApplicationManagementService; +import org.wso2.carbon.identity.central.log.mgt.utils.LogConstants; import org.wso2.carbon.identity.central.log.mgt.utils.LoggerUtils; import org.wso2.carbon.identity.core.ServiceURLBuilder; import org.wso2.carbon.identity.core.URLBuilderException; @@ -143,7 +144,7 @@ public class EndpointUtil { private static final String OAUTH2_AUTHORIZE = "/oauth2/authorize"; public static final String OAUTH2_CIBA_ENDPOINT = "oauth2/ciba"; private static final String UTF_8 = "UTF-8"; - private static final String PROP_CLIENT_ID = "client_id"; + public static final String PROP_CLIENT_ID = "client_id"; private static final String PROP_GRANT_TYPE = "response_type"; private static final String PROP_RESPONSE_TYPE = "response_type"; private static final String PROP_SCOPE = "scope"; @@ -1077,10 +1078,11 @@ public static void storeOAuthScopeConsent(AuthenticatedUser user, OAuth2Paramete } if (LoggerUtils.isDiagnosticLogsEnabled()) { DiagnosticLog.DiagnosticLogBuilder diagnosticLogBuilder = new DiagnosticLog.DiagnosticLogBuilder( - OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, "persist-oauth-scope-consent"); - diagnosticLogBuilder.inputParam("clientId", params.getClientId()) + OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, + EndpointConstants.LogConstants.ActionIDs.PERSIST_OAUTH_SCOPE_CONSENT); + diagnosticLogBuilder.inputParam(LogConstants.InputKeys.CLIENT_ID, params.getClientId()) .inputParam("approved scopes", userApprovedScopes) - .inputParam("user", userId) + .inputParam(LogConstants.InputKeys.USER_ID, userId) .inputParam("override existing consent", overrideExistingConsent) .resultMessage("Successfully persisted oauth scopes.") .resultStatus(DiagnosticLog.ResultStatus.SUCCESS) diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/OAuth2Constants.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/OAuth2Constants.java index a5282962344..99233db5c24 100644 --- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/OAuth2Constants.java +++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/OAuth2Constants.java @@ -71,4 +71,38 @@ public static class RoleBasedScope { public static final String APIM_SERVICE_CATALOG_PREFIX = "service_catalog:"; } + + /** + * Constants related to OAuth2 log management. + */ + public static class LogConstants { + + public static final String OAUTH_INBOUND_SERVICE = "oauth-inbound-service"; + + /** + * Define action IDs for diagnostic logs. + */ + public static class ActionIDs { + + public static final String SCOPE_VALIDATION = "scope-validation"; + public static final String ISSUE_ACCESS_TOKEN = "issue-access-token"; + public static final String ISSUE_ID_TOKEN = "issue-id-token"; + public static final String VALIDATE_AUTHORIZATION_CODE = "validate-authz-code"; + public static final String ISSUE_AUTHZ_CODE = "issue-authz-code"; + + } + + /** + * Define common and reusable Input keys for diagnostic logs. + */ + public static class InputKeys { + + public static final String SCOPE_VALIDATOR = "scope validator"; + public static final String REQUESTED_SCOPES = "requested scopes"; + public static final String AUTHORIZED_SCOPES = "authorized scopes"; + public static final String GRANT_TYPE = "grant type"; + public static final String AUTHORIZATION_CODE = "authorization code"; + + } + } } diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/authz/handlers/AbstractResponseTypeHandler.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/authz/handlers/AbstractResponseTypeHandler.java index cd4affe538c..afebb58e9b9 100644 --- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/authz/handlers/AbstractResponseTypeHandler.java +++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/authz/handlers/AbstractResponseTypeHandler.java @@ -23,6 +23,7 @@ import org.apache.commons.logging.LogFactory; import org.apache.oltu.oauth2.common.message.types.GrantType; import org.apache.oltu.oauth2.common.message.types.ResponseType; +import org.wso2.carbon.identity.central.log.mgt.utils.LogConstants; import org.wso2.carbon.identity.central.log.mgt.utils.LoggerUtils; import org.wso2.carbon.identity.oauth.cache.OAuthCache; import org.wso2.carbon.identity.oauth.callback.OAuthCallback; @@ -32,6 +33,7 @@ import org.wso2.carbon.identity.oauth.dao.OAuthAppDO; import org.wso2.carbon.identity.oauth.internal.OAuthComponentServiceHolder; import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception; +import org.wso2.carbon.identity.oauth2.OAuth2Constants; import org.wso2.carbon.identity.oauth2.authz.OAuthAuthzReqMessageContext; import org.wso2.carbon.identity.oauth2.dto.OAuth2AuthorizeReqDTO; import org.wso2.carbon.identity.oauth2.dto.OAuth2AuthorizeRespDTO; @@ -46,6 +48,8 @@ import java.util.List; import java.util.Map; +import static org.wso2.carbon.identity.oauth2.OAuth2Constants.LogConstants.InputKeys.SCOPE_VALIDATOR; + /** * AbstractResponseTypeHandler contains all the common methods of all three basic handlers. */ @@ -116,21 +120,25 @@ && hasValidationByApplicationScopeValidatorsFailed(oauthAuthzMsgCtx)) { } if (LoggerUtils.isDiagnosticLogsEnabled()) { DiagnosticLog.DiagnosticLogBuilder diagnosticLogBuilder = new DiagnosticLog.DiagnosticLogBuilder( - OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, "scope-validation"); - diagnosticLogBuilder.inputParam("client id", oauthAuthzMsgCtx.getAuthorizationReqDTO().getConsumerKey()) - .inputParam("scope validator", validator.getName()) + OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, + OAuth2Constants.LogConstants.ActionIDs.SCOPE_VALIDATION); + diagnosticLogBuilder.inputParam(LogConstants.InputKeys.CLIENT_ID, + oauthAuthzMsgCtx.getAuthorizationReqDTO().getConsumerKey()) + .inputParam(SCOPE_VALIDATOR, validator.getName()) .inputParam("scopes (before validation)", oauthAuthzMsgCtx.getApprovedScope()) .resultStatus(DiagnosticLog.ResultStatus.SUCCESS) - .resultMessage("Before validating scopes") + .resultMessage("Before validating scopes.") .logDetailLevel(DiagnosticLog.LogDetailLevel.INTERNAL_SYSTEM); LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder); } boolean isGlobalValidScope = validator.validateScope(oauthAuthzMsgCtx); if (LoggerUtils.isDiagnosticLogsEnabled()) { DiagnosticLog.DiagnosticLogBuilder diagnosticLogBuilder = new DiagnosticLog.DiagnosticLogBuilder( - OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, "scope-validation"); - diagnosticLogBuilder.inputParam("client id", oauthAuthzMsgCtx.getAuthorizationReqDTO().getConsumerKey()) - .inputParam("scope validator", validator.getName()) + OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, + OAuth2Constants.LogConstants.ActionIDs.SCOPE_VALIDATION); + diagnosticLogBuilder.inputParam(LogConstants.InputKeys.CLIENT_ID, + oauthAuthzMsgCtx.getAuthorizationReqDTO().getConsumerKey()) + .inputParam(SCOPE_VALIDATOR, validator.getName()) .inputParam("scopes (after validation)", oauthAuthzMsgCtx.getApprovedScope()) .resultStatus(DiagnosticLog.ResultStatus.SUCCESS) .resultMessage("After validating scopes.") diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/authz/handlers/util/ResponseTypeHandlerUtil.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/authz/handlers/util/ResponseTypeHandlerUtil.java index fbac7e17118..ba20812ffe5 100644 --- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/authz/handlers/util/ResponseTypeHandlerUtil.java +++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/authz/handlers/util/ResponseTypeHandlerUtil.java @@ -29,6 +29,7 @@ import org.wso2.carbon.identity.application.common.model.ClaimMapping; import org.wso2.carbon.identity.base.IdentityConstants; import org.wso2.carbon.identity.base.IdentityException; +import org.wso2.carbon.identity.central.log.mgt.utils.LogConstants; import org.wso2.carbon.identity.central.log.mgt.utils.LoggerUtils; import org.wso2.carbon.identity.core.util.IdentityUtil; import org.wso2.carbon.identity.oauth.cache.AuthorizationGrantCache; @@ -45,6 +46,7 @@ import org.wso2.carbon.identity.oauth.event.OAuthEventInterceptor; import org.wso2.carbon.identity.oauth.internal.OAuthComponentServiceHolder; import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception; +import org.wso2.carbon.identity.oauth2.OAuth2Constants; import org.wso2.carbon.identity.oauth2.OAuth2Service; import org.wso2.carbon.identity.oauth2.authz.OAuthAuthzReqMessageContext; import org.wso2.carbon.identity.oauth2.bean.OAuthClientAuthnContext; @@ -68,6 +70,8 @@ import java.util.concurrent.TimeUnit; import static org.wso2.carbon.identity.oauth.common.OAuthConstants.TokenStates.TOKEN_STATE_ACTIVE; +import static org.wso2.carbon.identity.oauth2.OAuth2Constants.LogConstants.ActionIDs.ISSUE_AUTHZ_CODE; +import static org.wso2.carbon.identity.oauth2.OAuth2Constants.LogConstants.OAUTH_INBOUND_SERVICE; /** * ResponseTypeHandlerUtil contains all the common methods in tokenResponseTypeHandler and IDTokenResponseTypeHandler. @@ -305,23 +309,25 @@ public static AuthzCodeDO generateAuthorizationCode(OAuthAuthzReqMessageContext } if (LoggerUtils.isDiagnosticLogsEnabled()) { DiagnosticLog.DiagnosticLogBuilder diagnosticLogBuilder = new DiagnosticLog.DiagnosticLogBuilder( - OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, "issue-authz-code"); - diagnosticLogBuilder.inputParam("client id", authorizationReqDTO.getConsumerKey()) + OAUTH_INBOUND_SERVICE, ISSUE_AUTHZ_CODE); + diagnosticLogBuilder.inputParam(LogConstants.InputKeys.CLIENT_ID, authorizationReqDTO.getConsumerKey()) .resultStatus(DiagnosticLog.ResultStatus.SUCCESS) .resultMessage("Authorization Code issued successfully.") - .inputParam("requested scopes", OAuth2Util.buildScopeString(authorizationReqDTO.getScopes())) - .inputParam("redirect uri", authorizationReqDTO.getCallbackUrl()) + .inputParam(OAuth2Constants.LogConstants.InputKeys.REQUESTED_SCOPES, + OAuth2Util.buildScopeString(authorizationReqDTO.getScopes())) + .inputParam(LogConstants.InputKeys.REDIREDCT_URI, authorizationReqDTO.getCallbackUrl()) .inputParam("authz code validity period (ms)", String.valueOf(validityPeriod)) .logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION); if (authorizationReqDTO.getUser() != null) { try { - diagnosticLogBuilder.inputParam("user", authorizationReqDTO.getUser().getUserId()); + diagnosticLogBuilder.inputParam(LogConstants.InputKeys.USER_ID, authorizationReqDTO.getUser() + .getUserId()); } catch (UserIdNotFoundException e) { if (StringUtils.isNotBlank(authorizationReqDTO.getUser().getAuthenticatedSubjectIdentifier())) { - - diagnosticLogBuilder.inputParam("user", LoggerUtils.isLogMaskingEnable ? LoggerUtils - .getMaskedContent(authorizationReqDTO.getUser().getAuthenticatedSubjectIdentifier()) : - authorizationReqDTO.getUser().getAuthenticatedSubjectIdentifier()); + diagnosticLogBuilder.inputParam(LogConstants.InputKeys.USER, LoggerUtils.isLogMaskingEnable ? + LoggerUtils.getMaskedContent(authorizationReqDTO.getUser() + .getAuthenticatedSubjectIdentifier()) : authorizationReqDTO.getUser() + .getAuthenticatedSubjectIdentifier()); } } } diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/AccessTokenIssuer.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/AccessTokenIssuer.java index e6cfdea7ffa..3a0c4cd2f1f 100644 --- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/AccessTokenIssuer.java +++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/AccessTokenIssuer.java @@ -36,6 +36,7 @@ import org.wso2.carbon.identity.application.common.util.IdentityApplicationConstants; import org.wso2.carbon.identity.base.IdentityConstants; import org.wso2.carbon.identity.base.IdentityException; +import org.wso2.carbon.identity.central.log.mgt.utils.LogConstants; import org.wso2.carbon.identity.central.log.mgt.utils.LoggerUtils; import org.wso2.carbon.identity.core.util.IdentityTenantUtil; import org.wso2.carbon.identity.core.util.IdentityUtil; @@ -52,6 +53,7 @@ import org.wso2.carbon.identity.oauth.internal.OAuthComponentServiceHolder; import org.wso2.carbon.identity.oauth2.IDTokenValidationFailureException; import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception; +import org.wso2.carbon.identity.oauth2.OAuth2Constants; import org.wso2.carbon.identity.oauth2.ResponseHeader; import org.wso2.carbon.identity.oauth2.bean.OAuthClientAuthnContext; import org.wso2.carbon.identity.oauth2.dto.OAuth2AccessTokenReqDTO; @@ -458,18 +460,21 @@ public OAuth2AccessTokenRespDTO issue(OAuth2AccessTokenReqDTO tokenReqDTO) } if (LoggerUtils.isDiagnosticLogsEnabled()) { DiagnosticLog.DiagnosticLogBuilder diagnosticLogBuilder = new DiagnosticLog.DiagnosticLogBuilder( - OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, "issue-access-token"); - diagnosticLogBuilder.inputParam("clientId", tokenReqDTO.getClientId()) - .inputParam("authorized scopes", tokenRespDTO.getAuthorizedScopes()) - .inputParam("grant type", grantType) + OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, + OAuth2Constants.LogConstants.ActionIDs.ISSUE_ACCESS_TOKEN); + diagnosticLogBuilder.inputParam(LogConstants.InputKeys.CLIENT_ID, tokenReqDTO.getClientId()) + .inputParam(OAuth2Constants.LogConstants.InputKeys.AUTHORIZED_SCOPES, + tokenRespDTO.getAuthorizedScopes()) + .inputParam(OAuth2Constants.LogConstants.InputKeys.GRANT_TYPE, grantType) .inputParam("token expiry time (s)", tokenRespDTO.getExpiresIn()) .resultStatus(DiagnosticLog.ResultStatus.SUCCESS) .resultMessage("Access token issued for the application.") .logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION); if (tokReqMsgCtx.getAuthorizedUser() != null) { - diagnosticLogBuilder.inputParam("user id", tokReqMsgCtx.getAuthorizedUser().getUserId()); + diagnosticLogBuilder.inputParam(LogConstants.InputKeys.USER_ID, + tokReqMsgCtx.getAuthorizedUser().getUserId()); String username = tokReqMsgCtx.getAuthorizedUser().getUserName(); - diagnosticLogBuilder.inputParam("username", LoggerUtils.isLogMaskingEnable ? + diagnosticLogBuilder.inputParam(LogConstants.InputKeys.USER, LoggerUtils.isLogMaskingEnable ? LoggerUtils.getMaskedContent(username) : username); } LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder); @@ -488,8 +493,9 @@ public OAuth2AccessTokenRespDTO issue(OAuth2AccessTokenReqDTO tokenReqDTO) String idToken = builder.buildIDToken(tokReqMsgCtx, tokenRespDTO); if (LoggerUtils.isDiagnosticLogsEnabled()) { DiagnosticLog.DiagnosticLogBuilder diagnosticLogBuilder = new DiagnosticLog.DiagnosticLogBuilder( - OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, "issue-id-token"); - diagnosticLogBuilder.inputParam("clientId", tokenReqDTO.getClientId()) + OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, + OAuth2Constants.LogConstants.ActionIDs.ISSUE_ID_TOKEN); + diagnosticLogBuilder.inputParam(LogConstants.InputKeys.CLIENT_ID, tokenReqDTO.getClientId()) .inputParam("issued claims for id token", tokReqMsgCtx.getProperty( ID_TOKEN_USER_CLAIMS_PROP_KEY)) .resultStatus(DiagnosticLog.ResultStatus.SUCCESS) diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/handlers/grant/AuthorizationCodeGrantHandler.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/handlers/grant/AuthorizationCodeGrantHandler.java index 29ca02c78af..aa3ccb4b6fa 100644 --- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/handlers/grant/AuthorizationCodeGrantHandler.java +++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/handlers/grant/AuthorizationCodeGrantHandler.java @@ -25,6 +25,7 @@ import org.wso2.carbon.identity.application.authentication.framework.exception.UserIdNotFoundException; import org.wso2.carbon.identity.base.IdentityConstants; import org.wso2.carbon.identity.base.IdentityException; +import org.wso2.carbon.identity.central.log.mgt.utils.LogConstants; import org.wso2.carbon.identity.central.log.mgt.utils.LoggerUtils; import org.wso2.carbon.identity.core.util.IdentityUtil; import org.wso2.carbon.identity.oauth.OAuthUtil; @@ -37,6 +38,7 @@ import org.wso2.carbon.identity.oauth.event.OAuthEventInterceptor; import org.wso2.carbon.identity.oauth.internal.OAuthComponentServiceHolder; import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception; +import org.wso2.carbon.identity.oauth2.OAuth2Constants; import org.wso2.carbon.identity.oauth2.dao.AuthorizationCodeValidationResult; import org.wso2.carbon.identity.oauth2.dao.OAuthTokenPersistenceFactory; import org.wso2.carbon.identity.oauth2.dto.OAuth2AccessTokenReqDTO; @@ -376,9 +378,10 @@ private boolean validateAuthzCodeFromRequest(AuthzCodeDO authzCodeBean, String c throws IdentityOAuth2Exception { DiagnosticLog.DiagnosticLogBuilder diagnosticLogBuilder = new DiagnosticLog.DiagnosticLogBuilder( - OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, "validate-authz-code"); + OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, + OAuth2Constants.LogConstants.ActionIDs.VALIDATE_AUTHORIZATION_CODE); if (LoggerUtils.isDiagnosticLogsEnabled()) { - diagnosticLogBuilder.inputParam("client id", clientId) + diagnosticLogBuilder.inputParam(LogConstants.InputKeys.CLIENT_ID, clientId) .logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION); } if (authzCodeBean == null) { @@ -403,8 +406,7 @@ private boolean validateAuthzCodeFromRequest(AuthzCodeDO authzCodeBean, String c if (LoggerUtils.isDiagnosticLogsEnabled()) { diagnosticLogBuilder.resultMessage("Inactive authorization code received.") .inputParam("authorization code", authzCode) - .resultStatus(DiagnosticLog.ResultStatus.FAILED) - .logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION); + .resultStatus(DiagnosticLog.ResultStatus.FAILED); LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder); } throw new IdentityOAuth2Exception("Inactive authorization code received from token request"); @@ -415,16 +417,14 @@ private boolean validateAuthzCodeFromRequest(AuthzCodeDO authzCodeBean, String c if (LoggerUtils.isDiagnosticLogsEnabled()) { diagnosticLogBuilder.resultMessage("Expired authorization code received.") .inputParam("authorization code", authzCode) - .resultStatus(DiagnosticLog.ResultStatus.FAILED) - .logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION); + .resultStatus(DiagnosticLog.ResultStatus.FAILED); LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder); } } else if (isAuthzCodeRevoked(authzCodeBean)) { if (LoggerUtils.isDiagnosticLogsEnabled()) { diagnosticLogBuilder.resultMessage("Revoked authorization code received.") - .inputParam("authorization code", authzCode) - .resultStatus(DiagnosticLog.ResultStatus.FAILED) - .logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION); + .inputParam(OAuth2Constants.LogConstants.InputKeys.AUTHORIZATION_CODE, authzCode) + .resultStatus(DiagnosticLog.ResultStatus.FAILED); LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder); } } @@ -432,8 +432,7 @@ private boolean validateAuthzCodeFromRequest(AuthzCodeDO authzCodeBean, String c } if (LoggerUtils.isDiagnosticLogsEnabled()) { diagnosticLogBuilder.resultMessage("Authorization code validation is successful.") - .resultStatus(DiagnosticLog.ResultStatus.SUCCESS) - .logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION); + .resultStatus(DiagnosticLog.ResultStatus.SUCCESS); LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder); } return true; diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/openidconnect/OpenIDConnectClaimFilterImpl.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/openidconnect/OpenIDConnectClaimFilterImpl.java index 1ac97e9662d..a2b6112ea6e 100644 --- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/openidconnect/OpenIDConnectClaimFilterImpl.java +++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/openidconnect/OpenIDConnectClaimFilterImpl.java @@ -37,6 +37,7 @@ import org.wso2.carbon.identity.oauth.common.OAuthConstants; import org.wso2.carbon.identity.oauth.dto.ScopeDTO; import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception; +import org.wso2.carbon.identity.oauth2.OAuth2Constants; import org.wso2.carbon.identity.oauth2.dao.OAuthTokenPersistenceFactory; import org.wso2.carbon.identity.oauth2.internal.OAuth2ServiceComponentHolder; import org.wso2.carbon.identity.oauth2.util.OAuth2Util; @@ -180,7 +181,7 @@ public List getClaimsFilteredByOIDCScopes(Set requestedScopes, S if (LoggerUtils.isDiagnosticLogsEnabled()) { DiagnosticLog.DiagnosticLogBuilder diagnosticLogBuilder = new DiagnosticLog.DiagnosticLogBuilder( OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, "issue-access-token"); - diagnosticLogBuilder.inputParam("requested scopes", requestedScopes) + diagnosticLogBuilder.inputParam(OAuth2Constants.LogConstants.InputKeys.REQUESTED_SCOPES, requestedScopes) .resultMessage("Get Claims Filtered By OIDC Scopes.") .resultStatus(DiagnosticLog.ResultStatus.SUCCESS) .logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION); diff --git a/pom.xml b/pom.xml index b1f33df4465..b50a8da5fda 100644 --- a/pom.xml +++ b/pom.xml @@ -863,7 +863,7 @@ [1.0.1, 2.0.0) - 5.25.234 + 5.25.259 [5.25.234, 7.0.0)