Improve the diagnostic logs #4809

Merged
merged 3 commits into from
Jul 26, 2023
Merged
Expand Up @@ -36,9 +36,12 @@
import org.wso2.carbon.identity.application.authentication.framework.internal.FrameworkServiceDataHolder;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils;
import org.wso2.carbon.identity.application.common.model.Property;
import org.wso2.carbon.identity.application.common.model.User;
import org.wso2.carbon.identity.base.IdentityConstants;
import org.wso2.carbon.identity.central.log.mgt.utils.LogConstants;
import org.wso2.carbon.identity.central.log.mgt.utils.LoggerUtils;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.identity.event.IdentityEventConstants;
import org.wso2.carbon.identity.event.IdentityEventException;
Expand All @@ -50,6 +53,7 @@
import org.wso2.carbon.user.core.common.AbstractUserStoreManager;
import org.wso2.carbon.user.core.service.RealmService;
import org.wso2.carbon.user.core.util.UserCoreUtil;
import org.wso2.carbon.utils.DiagnosticLog;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

import java.io.Serializable;
Expand All @@ -58,6 +62,7 @@
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
Expand Down Expand Up @@ -130,6 +135,32 @@ public AuthenticatorFlowStatus process(HttpServletRequest request,
// The Authenticator will re-initiate the authentication and retry.
context.setCurrentAuthenticator(getName());
initiateAuthenticationRequest(request, response, context);
if (LoggerUtils.isDiagnosticLogsEnabled()) {
DiagnosticLog.DiagnosticLogBuilder diagLogBuilder = new DiagnosticLog.DiagnosticLogBuilder(
FrameworkConstants.LogConstants.AUTHENTICATION_FRAMEWORK,
FrameworkConstants.LogConstants.ActionIDs.HANDLE_AUTH_STEP);
diagLogBuilder.inputParam(LogConstants.InputKeys.STEP, context.getCurrentStep())
.inputParam(LogConstants.InputKeys.ERROR_MESSAGE, e.getMessage())
.resultMessage("Authentication failed.")
.resultStatus(DiagnosticLog.ResultStatus.FAILED)
.logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION);
// Adding user related details to diagnostic log.
Optional.ofNullable(e.getUser()).ifPresent(user -> {
Optional.ofNullable(user.toFullQualifiedUsername()).ifPresent(username ->
diagLogBuilder.inputParam(FrameworkConstants.LogConstants.USER,
LoggerUtils.isLogMaskingEnable ? LoggerUtils.getMaskedContent(username)
: username));
diagLogBuilder.inputParam(FrameworkConstants.LogConstants.USER_STORE_DOMAIN,
user.getUserStoreDomain());
});
// Adding application related details to diagnostic log.
FrameworkUtils.getApplicationResourceId(context).ifPresent(applicationId ->
diagLogBuilder.inputParam(LogConstants.InputKeys.APPLICATION_ID, applicationId));
FrameworkUtils.getApplicationName(context).ifPresent(applicationName ->
diagLogBuilder.inputParam(LogConstants.InputKeys.APPLICATION_NAME,
applicationName));
LoggerUtils.triggerDiagnosticLogEvent(diagLogBuilder);
}
return AuthenticatorFlowStatus.INCOMPLETE;
} else {
context.setProperty(FrameworkConstants.LAST_FAILED_AUTHENTICATOR, getName());
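Review bot: The exception text passed in `.inputParam(LogConstants.InputKeys.ERROR_MESSAGE, e.getMessage())` is logged raw, while the username two lines below is routed through `LoggerUtils.getMaskedContent` whenever `isLogMaskingEnable` is set; if an authenticator's AuthenticationFailedException message embeds the attempted username or other user-supplied input (typical for "user X not found"-style failures, though not verifiable from this hunk), the masking applied to the USER field is bypassed by the ERROR_MESSAGE field. Give it the same treatment, `LoggerUtils.isLogMaskingEnable ? LoggerUtils.getMaskedContent(e.getMessage()) : e.getMessage()`, or log only an error code if the exception type exposes one. Note also that the user is keyed here as `FrameworkConstants.LogConstants.USER`, whereas the logout handler in this same PR uses `LogConstants.InputKeys.USER`; if those constants differ in value, consumers correlating the two events will see two keys for the same field. The enclosing `process` method starts and ends outside this hunk.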
Expand Up @@ -38,6 +38,7 @@
import org.wso2.carbon.identity.application.common.ApplicationAuthenticatorService;
import org.wso2.carbon.identity.application.common.model.FederatedAuthenticatorConfig;
import org.wso2.carbon.identity.application.common.model.LocalAuthenticatorConfig;
import org.wso2.carbon.identity.central.log.mgt.utils.LogConstants;
import org.wso2.carbon.identity.central.log.mgt.utils.LoggerUtils;
import org.wso2.carbon.identity.functions.library.mgt.FunctionLibraryManagementService;
import org.wso2.carbon.identity.functions.library.mgt.exception.FunctionLibraryManagementException;
Expand All @@ -61,8 +62,6 @@
import javax.script.ScriptEngine;
import javax.script.ScriptException;

import static org.wso2.carbon.identity.central.log.mgt.utils.LogConstants.InputKeys.APPLICATION_NAME;

/**
* Translate the authentication graph config to runtime model.
* This is not thread safe. Should be discarded after each build.
Expand Down Expand Up @@ -1216,9 +1215,14 @@ public Object evaluate(AuthenticationContext authenticationContext, Object... p
FrameworkConstants.LogConstants.ActionIDs.EXECUTE_ADAPTIVE_SCRIPT);
diagnosticLogBuilder.resultMessage("Error in executing the adaptive authentication script : " +
e.getMessage())
.inputParam(APPLICATION_NAME, authenticationContext.getServiceProviderName())
.logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION)
.resultStatus(DiagnosticLog.ResultStatus.FAILED);
// Adding application related details to diagnostic log.
FrameworkUtils.getApplicationResourceId(authenticationContext).ifPresent(applicationId ->
diagnosticLogBuilder.inputParam(LogConstants.InputKeys.APPLICATION_ID, applicationId));
FrameworkUtils.getApplicationName(authenticationContext).ifPresent(applicationName ->
diagnosticLogBuilder.inputParam(LogConstants.InputKeys.APPLICATION_NAME,
applicationName));
LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder);
}
log.error("Error in executing the javascript for service provider : " + authenticationContext
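Review bot: The script error text is concatenated into `resultMessage("Error in executing the adaptive authentication script : " + e.getMessage())` instead of being carried under `LogConstants.InputKeys.ERROR_MESSAGE` as the authenticator hunk in this PR does, so the same class of failure is shaped differently across the two events. A ScriptException message may include a script excerpt and engine position; keeping the summary fixed and moving the detail to a keyed param, `.resultMessage("Error in executing the adaptive authentication script.")` plus `.inputParam(LogConstants.InputKeys.ERROR_MESSAGE, e.getMessage())`, gives consumers a stable message to alert on and a single field to mask. The `evaluate` method starts before and ends after this hunk.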
Expand Up @@ -50,6 +50,7 @@
import org.wso2.carbon.identity.application.common.ApplicationAuthenticatorService;
import org.wso2.carbon.identity.application.common.model.FederatedAuthenticatorConfig;
import org.wso2.carbon.identity.application.common.model.LocalAuthenticatorConfig;
import org.wso2.carbon.identity.central.log.mgt.utils.LogConstants;
import org.wso2.carbon.identity.central.log.mgt.utils.LoggerUtils;
import org.wso2.carbon.identity.functions.library.mgt.FunctionLibraryManagementService;
import org.wso2.carbon.identity.functions.library.mgt.exception.FunctionLibraryManagementException;
Expand All @@ -74,7 +75,6 @@
import javax.script.ScriptException;

import static org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants.LogConstants.ActionIDs.EXECUTE_ADAPTIVE_SCRIPT;
import static org.wso2.carbon.identity.central.log.mgt.utils.LogConstants.InputKeys.APPLICATION_NAME;

/**
* Translate the authentication graph config to runtime model.
Expand Down Expand Up @@ -1233,9 +1233,14 @@ public Object evaluate(AuthenticationContext authenticationContext, Object... pa
EXECUTE_ADAPTIVE_SCRIPT);
diagnosticLogBuilder.resultMessage("Error in executing the adaptive authentication script : " +
e.getMessage())
.inputParam(APPLICATION_NAME, authenticationContext.getServiceProviderName())
.resultStatus(DiagnosticLog.ResultStatus.FAILED)
.logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION);
// Adding application related details to diagnostic log.
FrameworkUtils.getApplicationResourceId(authenticationContext).ifPresent(applicationId ->
diagnosticLogBuilder.inputParam(LogConstants.InputKeys.APPLICATION_ID, applicationId));
FrameworkUtils.getApplicationName(authenticationContext).ifPresent(applicationName ->
diagnosticLogBuilder.inputParam(LogConstants.InputKeys.APPLICATION_NAME,
applicationName));
LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder);
}
log.error("Error in executing the javascript for service provider : " + authenticationContext
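Review bot: The two `ifPresent` statements attaching APPLICATION_ID and APPLICATION_NAME here are the third verbatim copy in this PR (the authenticator's `process` and the sibling graph builder's `evaluate` carry the same five lines), so any future change to how application details are logged has to land in three places. Since both values already come from `FrameworkUtils`, one helper there, e.g. `FrameworkUtils.addApplicationDetailsToDiagnosticLog(diagnosticLogBuilder, authenticationContext)`, performing both `ifPresent` calls would collapse the copies and keep the key set identical across events. The `evaluate` method starts before and ends after this hunk.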
Expand Up @@ -51,11 +51,14 @@
import org.wso2.carbon.identity.application.common.model.ServiceProvider;
import org.wso2.carbon.identity.application.common.model.ServiceProviderProperty;
import org.wso2.carbon.identity.application.mgt.ApplicationManagementService;
import org.wso2.carbon.identity.central.log.mgt.utils.LogConstants;
import org.wso2.carbon.identity.central.log.mgt.utils.LoggerUtils;
import org.wso2.carbon.identity.core.URLBuilderException;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.idp.mgt.IdentityProviderManagementException;
import org.wso2.carbon.idp.mgt.IdentityProviderManager;
import org.wso2.carbon.utils.DiagnosticLog;

import java.io.IOException;
import java.net.URLEncoder;
Expand All @@ -67,6 +70,7 @@
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import static org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants.LogConstants.SESSION_CONTEXT_KEY;
import static org.wso2.carbon.identity.application.common.util.IdentityApplicationConstants.Authenticator.SAML2SSO.FED_AUTH_NAME;

/**
Expand Down Expand Up @@ -106,6 +110,14 @@ public void handle(HttpServletRequest request, HttpServletResponse response, Aut
if (log.isTraceEnabled()) {
log.trace("Inside handle()");
}
// This will be initialized only if diagnostic logs are enabled.
DiagnosticLog.DiagnosticLogBuilder diagnosticLogBuilder = null;
if (LoggerUtils.isDiagnosticLogsEnabled()) {
diagnosticLogBuilder = new DiagnosticLog.DiagnosticLogBuilder(
FrameworkConstants.LogConstants.AUTHENTICATION_FRAMEWORK,
FrameworkConstants.LogConstants.ActionIDs.PROCESS_LOGOUT_REQUEST)
.logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION);
}
SequenceConfig sequenceConfig = context.getSequenceConfig();
// Retrieve session information from cache.
SessionContext sessionContext = FrameworkUtils.getSessionContextFromCache(context.getSessionIdentifier(),
Expand All @@ -122,6 +134,12 @@ public void handle(HttpServletRequest request, HttpServletResponse response, Aut
AuthenticatedUser authenticatedUser = new AuthenticatedUser();
if (authenticatedUserObj instanceof AuthenticatedUser) {
authenticatedUser = (AuthenticatedUser) authenticatedUserObj;
if (LoggerUtils.isDiagnosticLogsEnabled() && diagnosticLogBuilder != null) {
diagnosticLogBuilder.inputParam(LogConstants.InputKeys.USER, LoggerUtils.isLogMaskingEnable ?
LoggerUtils.getMaskedContent(authenticatedUser.getUserName()) :
authenticatedUser.getUserName())
.inputParam(LogConstants.InputKeys.USER_ID, authenticatedUser.getLoggableUserId());
}
}
// Setting the authenticated user's object to the request to get the relevant details to log out the user.
context.setProperty(FrameworkConstants.AUTHENTICATED_USER, authenticatedUser);
Expand Down Expand Up @@ -151,6 +169,15 @@ public void handle(HttpServletRequest request, HttpServletResponse response, Aut
break;
} catch (UserSessionException | IdentityProviderManagementException
| NumberFormatException e) {
if (LoggerUtils.isDiagnosticLogsEnabled() && diagnosticLogBuilder != null) {
diagnosticLogBuilder.resultMessage("Error while deleting federated " +
"authentication session details.")
.inputParam(SESSION_CONTEXT_KEY, context.getSessionIdentifier())
.inputParam(LogConstants.InputKeys.ERROR_MESSAGE, e.getMessage())
.inputParam(LogConstants.InputKeys.IDP, fedIdpName)
.resultStatus(DiagnosticLog.ResultStatus.FAILED);
LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder);
}
throw new FrameworkException("Error while deleting federated authentication session " +
"details for the session context key : " + context.getSessionIdentifier(), e);
}
Expand All @@ -165,6 +192,14 @@ public void handle(HttpServletRequest request, HttpServletResponse response, Aut
.removeFederatedAuthSessionInfo(context.getSessionIdentifier());
break;
} catch (UserSessionException e) {
if (LoggerUtils.isDiagnosticLogsEnabled() && diagnosticLogBuilder != null) {
diagnosticLogBuilder.resultMessage("Error while deleting federated authentication " +
"session details. ")
.inputParam(SESSION_CONTEXT_KEY, context.getSessionIdentifier())
.inputParam(LogConstants.InputKeys.ERROR_MESSAGE, e.getMessage())
.resultStatus(DiagnosticLog.ResultStatus.FAILED);
LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder);
}
throw new FrameworkException("Error while deleting federated authentication session" +
" details for the session context key : " + context.getSessionIdentifier(), e);
}
Expand All @@ -183,6 +218,14 @@ public void handle(HttpServletRequest request, HttpServletResponse response, Aut
UserSessionStore.getInstance().removeFederatedAuthSessionInfo(context.getSessionIdentifier(),
Integer.parseInt(context.getProperty(FrameworkConstants.FED_IDP_ID).toString()));
} catch (UserSessionException | NumberFormatException e) {
if (LoggerUtils.isDiagnosticLogsEnabled() && diagnosticLogBuilder != null) {
diagnosticLogBuilder.resultMessage("Error while deleting federated authentication " +
"session details.")
.inputParam(SESSION_CONTEXT_KEY, context.getSessionIdentifier())
.inputParam(LogConstants.InputKeys.ERROR_MESSAGE, e.getMessage())
.resultStatus(DiagnosticLog.ResultStatus.FAILED);
LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder);
}
throw new FrameworkException("Error while deleting federated authentication session" +
" details for the session context key : " + context.getSessionIdentifier(), e);
}
Expand Down Expand Up @@ -250,8 +293,21 @@ public void handle(HttpServletRequest request, HttpServletResponse response, Aut
// sends the logout request to the external IdP
return;
} catch (AuthenticationFailedException | LogoutFailedException e) {
if (LoggerUtils.isDiagnosticLogsEnabled() && diagnosticLogBuilder != null) {
diagnosticLogBuilder.resultMessage("Exception while handling logout request")
.inputParam(LogConstants.InputKeys.IDP, idpName)
.inputParam(LogConstants.InputKeys.ERROR_MESSAGE, e.getMessage())
.resultStatus(DiagnosticLog.ResultStatus.FAILED);
LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder);
}
throw new FrameworkException("Exception while handling logout request", e);
} catch (IdentityProviderManagementException e) {
if (LoggerUtils.isDiagnosticLogsEnabled() && diagnosticLogBuilder != null) {
diagnosticLogBuilder.resultMessage("Exception while getting IdP by name")
.inputParam(LogConstants.InputKeys.ERROR_MESSAGE, e.getMessage())
.resultStatus(DiagnosticLog.ResultStatus.FAILED);
LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder);
}
log.error("Exception while getting IdP by name", e);
}
}
Expand Down Expand Up @@ -289,8 +345,20 @@ public void handle(HttpServletRequest request, HttpServletResponse response, Aut
}
context.addLoggedOutAuthenticator(authenticatedIdPName, authenticatorName);
} catch (AuthenticationFailedException | LogoutFailedException e) {
if (LoggerUtils.isDiagnosticLogsEnabled() && diagnosticLogBuilder != null) {
diagnosticLogBuilder.resultMessage("Exception while handling logout request")
.inputParam(LogConstants.InputKeys.ERROR_MESSAGE, e.getMessage())
.resultStatus(DiagnosticLog.ResultStatus.FAILED);
LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder);
}
throw new FrameworkException("Exception while handling logout request", e);
} catch (IdentityProviderManagementException e) {
if (LoggerUtils.isDiagnosticLogsEnabled() && diagnosticLogBuilder != null) {
diagnosticLogBuilder.resultMessage("Exception while getting IdP by name")
.inputParam(LogConstants.InputKeys.ERROR_MESSAGE, e.getMessage())
.resultStatus(DiagnosticLog.ResultStatus.FAILED);
LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder);
}
log.error("Exception while getting IdP by name", e);
}
}
Expand All @@ -300,6 +368,11 @@ public void handle(HttpServletRequest request, HttpServletResponse response, Aut
try {
context.clearLoggedOutAuthenticators();
sendResponse(request, response, context, true);
if (LoggerUtils.isDiagnosticLogsEnabled() && diagnosticLogBuilder != null) {
diagnosticLogBuilder.resultMessage("Successfully completed the logout flow.")
.resultStatus(DiagnosticLog.ResultStatus.SUCCESS);
LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder);
}
} catch (ServletException | IOException e) {
throw new FrameworkException(e.getMessage(), e);
}
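Review bot: A single `diagnosticLogBuilder` is created once at the top of `handle` and reused for every event, but both `catch (IdentityProviderManagementException e)` branches emit a FAILED event and then fall through (`log.error`, no rethrow), so the IDP, ERROR_MESSAGE and FAILED values they set remain on the builder when it is reused for `"Successfully completed the logout flow."` with `resultStatus(SUCCESS)`; assuming `inputParam` accumulates as builders normally do, that success event then carries a stale error message and an IdP name from an earlier failure. Build those non-fatal failure events on their own builder, e.g. `DiagnosticLog.DiagnosticLogBuilder idpFailureLog = new DiagnosticLog.DiagnosticLogBuilder(FrameworkConstants.LogConstants.AUTHENTICATION_FRAMEWORK, FrameworkConstants.LogConstants.ActionIDs.PROCESS_LOGOUT_REQUEST);`, or reset the shared one before the success event. Separately, `.inputParam(SESSION_CONTEXT_KEY, context.getSessionIdentifier())` writes the session context key into the diagnostic log unmasked while the username a few lines earlier is masked; if that identifier is derived from or equal to the session cookie value it is credential-equivalent and should get the same `LoggerUtils.isLogMaskingEnable` treatment. The body of `handle` is cut at both edges of this section.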