improve trace logging for authentication

2025-11-09 23:15:43 +01:00 · 2012-06-28 10:55:55 +02:00
parent d9cedfd8b1
commit da7e9c67d8
4 changed files with 75 additions and 0 deletions
--- a/scm-core/src/main/java/sonia/scm/web/filter/BasicAuthenticationFilter.java
+++ b/scm-core/src/main/java/sonia/scm/web/filter/BasicAuthenticationFilter.java
@@ -123,15 +123,42 @@ public class BasicAuthenticationFilter extends HttpFilter
    if (Util.isNotEmpty(authentication)
        && authentication.toUpperCase().startsWith(AUTHORIZATION_BASIC_PREFIX))
    {
+      if (logger.isTraceEnabled())
+      {
+        logger.trace("found basic authorization header, start authentication");
+      }
+
      user = authenticate(request, response, securityContext, authentication);
+
+      if (logger.isTraceEnabled())
+      {
+        if (user != null)
+        {
+          logger.trace("user {} successfully authenticated", user.getName());
+        }
+        else
+        {
+          logger.trace("authentcation failed, user object is null");
+        }
+      }
    }
    else if (securityContext.isAuthenticated())
    {
+      if (logger.isTraceEnabled())
+      {
+        logger.trace("user is allready authenticated");
+      }
+
      user = securityContext.getUser();
    }

    if (user == null)
    {
+      if (logger.isTraceEnabled())
+      {
+        logger.trace("could not find user send unauthorized");
+      }
+
      HttpUtil.sendUnauthorized(response);
    }
    else
@@ -192,6 +219,11 @@ public class BasicAuthenticationFilter extends HttpFilter

      if (Util.isNotEmpty(username) && Util.isNotEmpty(password))
      {
+        if (logger.isTraceEnabled())
+        {
+          logger.trace("try to authenticate user {}", username);
+        }
+
        user = securityContext.authenticate(request, response, username,
                password);
      }
--- a/scm-core/src/main/java/sonia/scm/web/filter/PermissionFilter.java
+++ b/scm-core/src/main/java/sonia/scm/web/filter/PermissionFilter.java
@@ -150,6 +150,15 @@ public abstract class PermissionFilter extends HttpFilter

          if (hasPermission(repository, securityContext, writeRequest))
          {
+            if (logger.isTraceEnabled())
+            {
+              logger.trace("{} access to repository {} for user {} granted",
+                           new Object[] { writeRequest
+                                          ? "write"
+                                          : "read", repository.getName(),
+                                          user.getName() });
+            }
+
            chain.doFilter(request, response);
          }
          else
--- a/scm-webapp/src/main/java/sonia/scm/web/security/BasicSecurityContext.java
+++ b/scm-webapp/src/main/java/sonia/scm/web/security/BasicSecurityContext.java
@@ -124,9 +124,16 @@ public class BasicSecurityContext implements WebSecurityContext
                           HttpServletResponse response, String username,
                           String password)
  {
+    if ( logger.isTraceEnabled() ){
+      logger.trace("start authentication for user {}", username);
+    }
    AuthenticationResult ar = authenticator.authenticate(request, response,
                                username, password);

+    if ( logger.isTraceEnabled() ){
+      logger.trace("authentication ends with {}", ar);
+    }
+    
    if ((ar != null) && (ar.getState() == AuthenticationState.SUCCESS))
    {
      authenticate(request, password, ar);
--- a/scm-webapp/src/main/java/sonia/scm/web/security/ChainAuthenticatonManager.java
+++ b/scm-webapp/src/main/java/sonia/scm/web/security/ChainAuthenticatonManager.java
@@ -130,6 +130,12 @@ public class ChainAuthenticatonManager extends AbstractAuthenticationManager

    if (ar == null)
    {
+      if (logger.isTraceEnabled())
+      {
+        logger.trace("no authentication result for user {} found in cache",
+                     username);
+      }
+
      ar = doAuthentication(request, response, username, password);

      if ((ar != null) && ar.isCacheable())
@@ -157,6 +163,11 @@ public class ChainAuthenticatonManager extends AbstractAuthenticationManager
  {
    for (AuthenticationHandler authenticator : authenticationHandlerSet)
    {
+      if (logger.isTraceEnabled())
+      {
+        logger.trace("close authenticator {}", authenticator.getClass());
+      }
+
      IOUtil.close(authenticator);
    }
  }
@@ -172,6 +183,11 @@ public class ChainAuthenticatonManager extends AbstractAuthenticationManager
  {
    for (AuthenticationHandler authenticator : authenticationHandlerSet)
    {
+      if (logger.isTraceEnabled())
+      {
+        logger.trace("initialize authenticator {}", authenticator.getClass());
+      }
+
      authenticator.init(context);
    }

@@ -200,8 +216,19 @@ public class ChainAuthenticatonManager extends AbstractAuthenticationManager
  {
    AuthenticationResult ar = null;

+    if (logger.isTraceEnabled())
+    {
+      logger.trace("start authentication chain for user {}", username);
+    }
+
    for (AuthenticationHandler authenticator : authenticationHandlerSet)
    {
+      if (logger.isTraceEnabled())
+      {
+        logger.trace("check authenticator {} for user {}",
+                     authenticator.getClass(), username);
+      }
+
      try
      {
        AuthenticationResult result = authenticator.authenticate(request,