Merge pull request #4809 from sahandilshan/dev
Improve the diagnostic logs
sahandilshan authored Jul 26, 2023
2 parents 1329604 + 8b5cc00 commit 81d4077
Showing 11 changed files with 226 additions and 27 deletions.
Expand Up @@ -36,9 +36,12 @@
import org.wso2.carbon.identity.application.authentication.framework.internal.FrameworkServiceDataHolder;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils;
import org.wso2.carbon.identity.application.common.model.Property;
import org.wso2.carbon.identity.application.common.model.User;
import org.wso2.carbon.identity.base.IdentityConstants;
import org.wso2.carbon.identity.central.log.mgt.utils.LogConstants;
import org.wso2.carbon.identity.central.log.mgt.utils.LoggerUtils;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.identity.event.IdentityEventConstants;
import org.wso2.carbon.identity.event.IdentityEventException;
Expand All @@ -51,6 +54,7 @@
import org.wso2.carbon.user.core.common.AbstractUserStoreManager;
import org.wso2.carbon.user.core.service.RealmService;
import org.wso2.carbon.user.core.util.UserCoreUtil;
import org.wso2.carbon.utils.DiagnosticLog;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

import java.io.Serializable;
Expand All @@ -59,6 +63,7 @@
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
Expand Down Expand Up @@ -131,6 +136,32 @@ public AuthenticatorFlowStatus process(HttpServletRequest request,
// The Authenticator will re-initiate the authentication and retry.
context.setCurrentAuthenticator(getName());
initiateAuthenticationRequest(request, response, context);
if (LoggerUtils.isDiagnosticLogsEnabled()) {
DiagnosticLog.DiagnosticLogBuilder diagLogBuilder = new DiagnosticLog.DiagnosticLogBuilder(
FrameworkConstants.LogConstants.AUTHENTICATION_FRAMEWORK,
FrameworkConstants.LogConstants.ActionIDs.HANDLE_AUTH_STEP);
diagLogBuilder.inputParam(LogConstants.InputKeys.STEP, context.getCurrentStep())
.inputParam(LogConstants.InputKeys.ERROR_MESSAGE, e.getMessage())
.resultMessage("Authentication failed.")
.resultStatus(DiagnosticLog.ResultStatus.FAILED)
.logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION);
// Adding user related details to diagnostic log.
Optional.ofNullable(e.getUser()).ifPresent(user -> {
Optional.ofNullable(user.toFullQualifiedUsername()).ifPresent(username ->
diagLogBuilder.inputParam(FrameworkConstants.LogConstants.USER,
LoggerUtils.isLogMaskingEnable ? LoggerUtils.getMaskedContent(username)
: username));
diagLogBuilder.inputParam(FrameworkConstants.LogConstants.USER_STORE_DOMAIN,
user.getUserStoreDomain());
});
// Adding application related details to diagnostic log.
FrameworkUtils.getApplicationResourceId(context).ifPresent(applicationId ->
diagLogBuilder.inputParam(LogConstants.InputKeys.APPLICATION_ID, applicationId));
FrameworkUtils.getApplicationName(context).ifPresent(applicationName ->
diagLogBuilder.inputParam(LogConstants.InputKeys.APPLICATION_NAME,
applicationName));
LoggerUtils.triggerDiagnosticLogEvent(diagLogBuilder);
}
return AuthenticatorFlowStatus.INCOMPLETE;
} else {
context.setProperty(FrameworkConstants.LAST_FAILED_AUTHENTICATOR, getName());
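Review bot: The masking in this block covers only the `USER` parameter; `e.getMessage()` goes into `ERROR_MESSAGE` verbatim, so if an authenticator embeds the username or another identifier in its exception message (not visible here), it reaches the diagnostic log even with `LoggerUtils.isLogMaskingEnable` set. I would either log a stable error code in place of the free-text message or add `// e.getMessage() is logged unmasked; authenticator exception messages must not contain user identifiers.` above that `inputParam` call. The block also runs after `initiateAuthenticationRequest(request, response, context)`, so a failure inside that call would skip the failed-authentication event; building and triggering the log before the call avoids that. The enclosing `process` method starts and ends outside the hunk.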
Expand Up @@ -38,6 +38,7 @@
import org.wso2.carbon.identity.application.common.ApplicationAuthenticatorService;
import org.wso2.carbon.identity.application.common.model.FederatedAuthenticatorConfig;
import org.wso2.carbon.identity.application.common.model.LocalAuthenticatorConfig;
import org.wso2.carbon.identity.central.log.mgt.utils.LogConstants;
import org.wso2.carbon.identity.central.log.mgt.utils.LoggerUtils;
import org.wso2.carbon.identity.functions.library.mgt.FunctionLibraryManagementService;
import org.wso2.carbon.identity.functions.library.mgt.exception.FunctionLibraryManagementException;
Expand All @@ -61,8 +62,6 @@
import javax.script.ScriptEngine;
import javax.script.ScriptException;

import static org.wso2.carbon.identity.central.log.mgt.utils.LogConstants.InputKeys.APPLICATION_NAME;

/**
* Translate the authentication graph config to runtime model.
* This is not thread safe. Should be discarded after each build.
Expand Down Expand Up @@ -1216,9 +1215,14 @@ public Object evaluate(AuthenticationContext authenticationContext, Object... p
FrameworkConstants.LogConstants.ActionIDs.EXECUTE_ADAPTIVE_SCRIPT);
diagnosticLogBuilder.resultMessage("Error in executing the adaptive authentication script : " +
e.getMessage())
.inputParam(APPLICATION_NAME, authenticationContext.getServiceProviderName())
.logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION)
.resultStatus(DiagnosticLog.ResultStatus.FAILED);
// Adding application related details to diagnostic log.
FrameworkUtils.getApplicationResourceId(authenticationContext).ifPresent(applicationId ->
diagnosticLogBuilder.inputParam(LogConstants.InputKeys.APPLICATION_ID, applicationId));
FrameworkUtils.getApplicationName(authenticationContext).ifPresent(applicationName ->
diagnosticLogBuilder.inputParam(LogConstants.InputKeys.APPLICATION_NAME,
applicationName));
LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder);
}
log.error("Error in executing the javascript for service provider : " + authenticationContext
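Review bot: The two `ifPresent` calls that add `APPLICATION_ID` and `APPLICATION_NAME` are repeated verbatim in the next file section and in the authenticator section above, which makes it easy for one copy to drift when a key is renamed or masking is added. A single helper next to `FrameworkUtils.getApplicationResourceId` that takes the builder and the context would keep the three call sites to one line each. If the copies stay, a comment such as `// APPLICATION_NAME is omitted when the context has no resolvable application.` would document that the parameter is now omitted instead of always being set from `getServiceProviderName()`. The `evaluate` method continues outside the hunk.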
Expand Up @@ -50,6 +50,7 @@
import org.wso2.carbon.identity.application.common.ApplicationAuthenticatorService;
import org.wso2.carbon.identity.application.common.model.FederatedAuthenticatorConfig;
import org.wso2.carbon.identity.application.common.model.LocalAuthenticatorConfig;
import org.wso2.carbon.identity.central.log.mgt.utils.LogConstants;
import org.wso2.carbon.identity.central.log.mgt.utils.LoggerUtils;
import org.wso2.carbon.identity.functions.library.mgt.FunctionLibraryManagementService;
import org.wso2.carbon.identity.functions.library.mgt.exception.FunctionLibraryManagementException;
Expand All @@ -74,7 +75,6 @@
import javax.script.ScriptException;

import static org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants.LogConstants.ActionIDs.EXECUTE_ADAPTIVE_SCRIPT;
import static org.wso2.carbon.identity.central.log.mgt.utils.LogConstants.InputKeys.APPLICATION_NAME;

/**
* Translate the authentication graph config to runtime model.
Expand Down Expand Up @@ -1233,9 +1233,14 @@ public Object evaluate(AuthenticationContext authenticationContext, Object... pa
EXECUTE_ADAPTIVE_SCRIPT);
diagnosticLogBuilder.resultMessage("Error in executing the adaptive authentication script : " +
e.getMessage())
.inputParam(APPLICATION_NAME, authenticationContext.getServiceProviderName())
.resultStatus(DiagnosticLog.ResultStatus.FAILED)
.logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION);
// Adding application related details to diagnostic log.
FrameworkUtils.getApplicationResourceId(authenticationContext).ifPresent(applicationId ->
diagnosticLogBuilder.inputParam(LogConstants.InputKeys.APPLICATION_ID, applicationId));
FrameworkUtils.getApplicationName(authenticationContext).ifPresent(applicationName ->
diagnosticLogBuilder.inputParam(LogConstants.InputKeys.APPLICATION_NAME,
applicationName));
LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder);
}
log.error("Error in executing the javascript for service provider : " + authenticationContext
Expand Up @@ -51,11 +51,14 @@
import org.wso2.carbon.identity.application.common.model.ServiceProvider;
import org.wso2.carbon.identity.application.common.model.ServiceProviderProperty;
import org.wso2.carbon.identity.application.mgt.ApplicationManagementService;
import org.wso2.carbon.identity.central.log.mgt.utils.LogConstants;
import org.wso2.carbon.identity.central.log.mgt.utils.LoggerUtils;
import org.wso2.carbon.identity.core.URLBuilderException;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.idp.mgt.IdentityProviderManagementException;
import org.wso2.carbon.idp.mgt.IdentityProviderManager;
import org.wso2.carbon.utils.DiagnosticLog;

import java.io.IOException;
import java.net.URLEncoder;
Expand All @@ -67,6 +70,7 @@
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import static org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants.LogConstants.SESSION_CONTEXT_KEY;
import static org.wso2.carbon.identity.application.common.util.IdentityApplicationConstants.Authenticator.SAML2SSO.FED_AUTH_NAME;

/**
Expand Down Expand Up @@ -106,6 +110,14 @@ public void handle(HttpServletRequest request, HttpServletResponse response, Aut
if (log.isTraceEnabled()) {
log.trace("Inside handle()");
}
// This will be initialized only if diagnostic logs are enabled.
DiagnosticLog.DiagnosticLogBuilder diagnosticLogBuilder = null;
if (LoggerUtils.isDiagnosticLogsEnabled()) {
diagnosticLogBuilder = new DiagnosticLog.DiagnosticLogBuilder(
FrameworkConstants.LogConstants.AUTHENTICATION_FRAMEWORK,
FrameworkConstants.LogConstants.ActionIDs.PROCESS_LOGOUT_REQUEST)
.logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION);
}
SequenceConfig sequenceConfig = context.getSequenceConfig();
// Retrieve session information from cache.
SessionContext sessionContext = FrameworkUtils.getSessionContextFromCache(context.getSessionIdentifier(),
Expand All @@ -122,6 +134,12 @@ public void handle(HttpServletRequest request, HttpServletResponse response, Aut
AuthenticatedUser authenticatedUser = new AuthenticatedUser();
if (authenticatedUserObj instanceof AuthenticatedUser) {
authenticatedUser = (AuthenticatedUser) authenticatedUserObj;
if (LoggerUtils.isDiagnosticLogsEnabled() && diagnosticLogBuilder != null) {
diagnosticLogBuilder.inputParam(LogConstants.InputKeys.USER, LoggerUtils.isLogMaskingEnable ?
LoggerUtils.getMaskedContent(authenticatedUser.getUserName()) :
authenticatedUser.getUserName())
.inputParam(LogConstants.InputKeys.USER_ID, authenticatedUser.getLoggableUserId());
}
}
// Setting the authenticated user's object to the request to get the relevant details to log out the user.
context.setProperty(FrameworkConstants.AUTHENTICATED_USER, authenticatedUser);
Expand Down Expand Up @@ -151,6 +169,15 @@ public void handle(HttpServletRequest request, HttpServletResponse response, Aut
break;
} catch (UserSessionException | IdentityProviderManagementException
| NumberFormatException e) {
if (LoggerUtils.isDiagnosticLogsEnabled() && diagnosticLogBuilder != null) {
diagnosticLogBuilder.resultMessage("Error while deleting federated " +
"authentication session details.")
.inputParam(SESSION_CONTEXT_KEY, context.getSessionIdentifier())
.inputParam(LogConstants.InputKeys.ERROR_MESSAGE, e.getMessage())
.inputParam(LogConstants.InputKeys.IDP, fedIdpName)
.resultStatus(DiagnosticLog.ResultStatus.FAILED);
LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder);
}
throw new FrameworkException("Error while deleting federated authentication session " +
"details for the session context key : " + context.getSessionIdentifier(), e);
}
Expand All @@ -165,6 +192,14 @@ public void handle(HttpServletRequest request, HttpServletResponse response, Aut
.removeFederatedAuthSessionInfo(context.getSessionIdentifier());
break;
} catch (UserSessionException e) {
if (LoggerUtils.isDiagnosticLogsEnabled() && diagnosticLogBuilder != null) {
diagnosticLogBuilder.resultMessage("Error while deleting federated authentication " +
"session details. ")
.inputParam(SESSION_CONTEXT_KEY, context.getSessionIdentifier())
.inputParam(LogConstants.InputKeys.ERROR_MESSAGE, e.getMessage())
.resultStatus(DiagnosticLog.ResultStatus.FAILED);
LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder);
}
throw new FrameworkException("Error while deleting federated authentication session" +
" details for the session context key : " + context.getSessionIdentifier(), e);
}
Expand All @@ -183,6 +218,14 @@ public void handle(HttpServletRequest request, HttpServletResponse response, Aut
UserSessionStore.getInstance().removeFederatedAuthSessionInfo(context.getSessionIdentifier(),
Integer.parseInt(context.getProperty(FrameworkConstants.FED_IDP_ID).toString()));
} catch (UserSessionException | NumberFormatException e) {
if (LoggerUtils.isDiagnosticLogsEnabled() && diagnosticLogBuilder != null) {
diagnosticLogBuilder.resultMessage("Error while deleting federated authentication " +
"session details.")
.inputParam(SESSION_CONTEXT_KEY, context.getSessionIdentifier())
.inputParam(LogConstants.InputKeys.ERROR_MESSAGE, e.getMessage())
.resultStatus(DiagnosticLog.ResultStatus.FAILED);
LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder);
}
throw new FrameworkException("Error while deleting federated authentication session" +
" details for the session context key : " + context.getSessionIdentifier(), e);
}
Expand Down Expand Up @@ -250,8 +293,21 @@ public void handle(HttpServletRequest request, HttpServletResponse response, Aut
// sends the logout request to the external IdP
return;
} catch (AuthenticationFailedException | LogoutFailedException e) {
if (LoggerUtils.isDiagnosticLogsEnabled() && diagnosticLogBuilder != null) {
diagnosticLogBuilder.resultMessage("Exception while handling logout request")
.inputParam(LogConstants.InputKeys.IDP, idpName)
.inputParam(LogConstants.InputKeys.ERROR_MESSAGE, e.getMessage())
.resultStatus(DiagnosticLog.ResultStatus.FAILED);
LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder);
}
throw new FrameworkException("Exception while handling logout request", e);
} catch (IdentityProviderManagementException e) {
if (LoggerUtils.isDiagnosticLogsEnabled() && diagnosticLogBuilder != null) {
diagnosticLogBuilder.resultMessage("Exception while getting IdP by name")
.inputParam(LogConstants.InputKeys.ERROR_MESSAGE, e.getMessage())
.resultStatus(DiagnosticLog.ResultStatus.FAILED);
LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder);
}
log.error("Exception while getting IdP by name", e);
}
}
Expand Down Expand Up @@ -289,8 +345,20 @@ public void handle(HttpServletRequest request, HttpServletResponse response, Aut
}
context.addLoggedOutAuthenticator(authenticatedIdPName, authenticatorName);
} catch (AuthenticationFailedException | LogoutFailedException e) {
if (LoggerUtils.isDiagnosticLogsEnabled() && diagnosticLogBuilder != null) {
diagnosticLogBuilder.resultMessage("Exception while handling logout request")
.inputParam(LogConstants.InputKeys.ERROR_MESSAGE, e.getMessage())
.resultStatus(DiagnosticLog.ResultStatus.FAILED);
LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder);
}
throw new FrameworkException("Exception while handling logout request", e);
} catch (IdentityProviderManagementException e) {
if (LoggerUtils.isDiagnosticLogsEnabled() && diagnosticLogBuilder != null) {
diagnosticLogBuilder.resultMessage("Exception while getting IdP by name")
.inputParam(LogConstants.InputKeys.ERROR_MESSAGE, e.getMessage())
.resultStatus(DiagnosticLog.ResultStatus.FAILED);
LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder);
}
log.error("Exception while getting IdP by name", e);
}
}
Expand All @@ -300,6 +368,11 @@ public void handle(HttpServletRequest request, HttpServletResponse response, Aut
try {
context.clearLoggedOutAuthenticators();
sendResponse(request, response, context, true);
if (LoggerUtils.isDiagnosticLogsEnabled() && diagnosticLogBuilder != null) {
diagnosticLogBuilder.resultMessage("Successfully completed the logout flow.")
.resultStatus(DiagnosticLog.ResultStatus.SUCCESS);
LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder);
}
} catch (ServletException | IOException e) {
throw new FrameworkException(e.getMessage(), e);
}
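Review bot: One `diagnosticLogBuilder` is created at the top of `handle` and then mutated and triggered in every branch, and the two `IdentityProviderManagementException` catch blocks trigger it and continue with `log.error` instead of throwing. If the builder accumulates input parameters (its implementation is not shown), the later "Successfully completed the logout flow." event would still carry the `ERROR_MESSAGE` from the earlier failure, which makes the record misleading for anyone triaging logout failures. Building each event on a fresh builder, or on a small private helper that returns one seeded with the user parameters, avoids the carry-over. The three session-cleanup catch blocks also write `context.getSessionIdentifier()` unmasked under `SESSION_CONTEXT_KEY` while the username is masked; confirm that value is safe to store in diagnostic logs, or pass it through `LoggerUtils.getMaskedContent(...)` under the same `LoggerUtils.isLogMaskingEnable` check. `handle` starts and ends outside the visible hunks.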