Enhance logging and configuration (#207)

Updated logging statements to include user roles upon login in both RAS and FENCE authentication services. Parameterized logging levels in the application properties file for more flexible runtime configuration.
hms-dbmi · Sep 10, 2024 · 535798a · 535798a
1 parent a63a0bd
commit 535798a
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 7 deletions.
diff --git a/...arvard/hms/dbmi/avillach/auth/service/impl/authentication/FENCEAuthenticationService.java b/...arvard/hms/dbmi/avillach/auth/service/impl/authentication/FENCEAuthenticationService.java
@@ -4,6 +4,7 @@
 import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import edu.harvard.hms.dbmi.avillach.auth.entity.Connection;
+import edu.harvard.hms.dbmi.avillach.auth.entity.Role;
 import edu.harvard.hms.dbmi.avillach.auth.entity.User;
 import edu.harvard.hms.dbmi.avillach.auth.exceptions.NotAuthorizedException;
 import edu.harvard.hms.dbmi.avillach.auth.model.fenceMapping.StudyMetaData;
@@ -26,6 +27,7 @@
 import org.springframework.util.MultiValueMap;
 
 import java.util.*;
+import java.util.stream.Collectors;
 
 @Service
 public class FENCEAuthenticationService implements AuthenticationService {
@@ -155,7 +157,12 @@ public HashMap<String, String> authenticate(Map<String, String> authRequest, Str
         claims.put("email", currentUser.getEmail());
         claims.put("sub", currentUser.getSubject());
         HashMap<String, String> responseMap = userService.getUserProfileResponse(claims);
-        logger.info("LOGIN SUCCESS ___ {}:{}:{} ___ Authorization will expire at  ___ {}___", currentUser.getEmail(), currentUser.getUuid().toString(), currentUser.getSubject(), responseMap.get("expirationDate"));
+        logger.info("LOGIN SUCCESS ___ {}:{}:{} ___ WITH ROLES ___ {} ___ Authorization will expire at  ___ {}___",
+                currentUser.getEmail(),
+                currentUser.getUuid().toString(),
+                currentUser.getSubject(),
+                currentUser.getRoles().stream().map(role -> role.getName().replace("MANAGED_", "")).collect(Collectors.joining(",")),
+                responseMap.get("expirationDate"));
         logger.debug("getFENCEProfile() UserProfile response object has been generated");
         logger.debug("getFENCEToken() finished");
 

diff --git a/.../harvard/hms/dbmi/avillach/auth/service/impl/authentication/RASAuthenticationService.java b/.../harvard/hms/dbmi/avillach/auth/service/impl/authentication/RASAuthenticationService.java
@@ -4,12 +4,12 @@
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.databind.node.ObjectNode;
 import edu.harvard.hms.dbmi.avillach.auth.entity.Connection;
+import edu.harvard.hms.dbmi.avillach.auth.entity.Role;
 import edu.harvard.hms.dbmi.avillach.auth.entity.User;
 import edu.harvard.hms.dbmi.avillach.auth.model.ras.Passport;
 import edu.harvard.hms.dbmi.avillach.auth.model.ras.RasDbgapPermission;
 import edu.harvard.hms.dbmi.avillach.auth.service.AuthenticationService;
 import edu.harvard.hms.dbmi.avillach.auth.service.impl.*;
-import edu.harvard.hms.dbmi.avillach.auth.utils.JWTUtil;
 import edu.harvard.hms.dbmi.avillach.auth.utils.RestClientUtil;
 import org.apache.commons.lang3.StringUtils;
 import org.slf4j.Logger;
@@ -19,6 +19,7 @@
 import org.springframework.stereotype.Service;
 
 import java.util.*;
+import java.util.stream.Collectors;
 
 @Service
 public class RASAuthenticationService extends OktaAuthenticationService implements AuthenticationService {
@@ -141,8 +142,11 @@ public HashMap<String, String> authenticate(Map<String, String> authRequest, Str
         userService.save(user);
         HashMap<String, String> responseMap = createUserClaims(user, idToken);
         responseMap.put("oktaIdToken", idToken);
-        logger.info("LOGIN SUCCESS ___ USER {}:{} ___ AUTHORIZATION WILL EXPIRE AT  ___ {} ___ CODE {}",
-                user.getSubject(), user.getUuid().toString(), responseMap.get("expirationDate"), authRequest.get("code"));
+        logger.info("LOGIN SUCCESS ___ USER {}:{} ___ WITH ROLES ___ {} ___ AUTHORIZATION WILL EXPIRE AT  ___ {} ___ CODE {}",
+                user.getSubject(), user.getUuid().toString(),
+                user.getRoles().stream().map(role -> role.getName().replace("MANAGED_", "")).collect(Collectors.joining(",")),
+                responseMap.get("expirationDate"), authRequest.get("code"));
+
         return responseMap;
     }
 

diff --git a/pic-sure-auth-services/src/main/resources/application.properties b/pic-sure-auth-services/src/main/resources/application.properties
@@ -20,9 +20,10 @@ spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.MySQL8Dialect
 spring.jpa.hibernate.naming.physical-strategy=org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl
 
 # Logging
-#logging.level.org.springframework.security=info
-#logging.level.root=DEBUG
-logging.level.edu.harvard.hms.dbmi.avillach.auth.service.impl=DEBUG
+logging.level.org.springframework.security=${LOGGING_LEVEL_SECURITY:INFO}
+logging.level.root=${LOGGING_LEVEL_ROOT:INFO}
+logging.level.org.springframework.web=${LOGGING_LEVEL_SLF4J:INFO}
+logging.level.edu.harvard.hms.dbmi.avillach.auth.service.impl.authentication.RASAuthenticationService=${LOGGING_LEVEL_RAS_AUTHENTICATION:INFO}
 
 # Mail session configuration (Assuming Gmail SMTP for example)
 spring.mail.host=smtp.gmail.com