improve trace logging for authentication

2025-11-12 08:25:44 +01:00 · 2012-06-28 10:55:55 +02:00
parent d9cedfd8b1
commit da7e9c67d8
4 changed files with 75 additions and 0 deletions
--- a/scm-core/src/main/java/sonia/scm/web/filter/BasicAuthenticationFilter.java
+++ b/scm-core/src/main/java/sonia/scm/web/filter/BasicAuthenticationFilter.java
@@ -123,15 +123,42 @@ public class BasicAuthenticationFilter extends HttpFilter
    if (Util.isNotEmpty(authentication)
        && authentication.toUpperCase().startsWith(AUTHORIZATION_BASIC_PREFIX))
    {
+      if (logger.isTraceEnabled())
+      {
+        logger.trace("found basic authorization header, start authentication");
+      }
+
      user = authenticate(request, response, securityContext, authentication);
+
+      if (logger.isTraceEnabled())
+      {
+        if (user != null)
+        {
+          logger.trace("user {} successfully authenticated", user.getName());
+        }
+        else
+        {
+          logger.trace("authentcation failed, user object is null");
+        }
+      }
    }
    else if (securityContext.isAuthenticated())
    {
+      if (logger.isTraceEnabled())
+      {
+        logger.trace("user is allready authenticated");
+      }
+
      user = securityContext.getUser();
    }

    if (user == null)
    {
+      if (logger.isTraceEnabled())
+      {
+        logger.trace("could not find user send unauthorized");
+      }
+
      HttpUtil.sendUnauthorized(response);
    }
    else
@@ -192,6 +219,11 @@ public class BasicAuthenticationFilter extends HttpFilter

      if (Util.isNotEmpty(username) && Util.isNotEmpty(password))
      {
+        if (logger.isTraceEnabled())
+        {
+          logger.trace("try to authenticate user {}", username);
+        }
+
        user = securityContext.authenticate(request, response, username,
                password);
      }
--- a/scm-core/src/main/java/sonia/scm/web/filter/PermissionFilter.java
+++ b/scm-core/src/main/java/sonia/scm/web/filter/PermissionFilter.java
@@ -150,6 +150,15 @@ public abstract class PermissionFilter extends HttpFilter

          if (hasPermission(repository, securityContext, writeRequest))
          {
+            if (logger.isTraceEnabled())
+            {
+              logger.trace("{} access to repository {} for user {} granted",
+                           new Object[] { writeRequest
+                                          ? "write"
+                                          : "read", repository.getName(),
+                                          user.getName() });
+            }
+
            chain.doFilter(request, response);
          }
          else