From ca691a2ab2714388a41a465e09dea0e79de1b03f Mon Sep 17 00:00:00 2001
From: GeorgeC
Date: Wed, 14 Aug 2024 12:21:20 -0400
Subject: [PATCH] Improve logs for splunk log chaining
---
 .../auth/service/impl/RASPassPortService.java | 9 ++++++---
 .../RASAuthenticationService.java | 19 ++++++++++++-------
 2 files changed, 18 insertions(+), 10 deletions(-)
diff --git a/pic-sure-auth-services/src/main/java/edu/harvard/hms/dbmi/avillach/auth/service/impl/RASPassPortService.java b/pic-sure-auth-services/src/main/java/edu/harvard/hms/dbmi/avillach/auth/service/impl/RASPassPortService.java
index b502fc11..72624e9b 100644
--- a/pic-sure-auth-services/src/main/java/edu/harvard/hms/dbmi/avillach/auth/service/impl/RASPassPortService.java
+++ b/pic-sure-auth-services/src/main/java/edu/harvard/hms/dbmi/avillach/auth/service/impl/RASPassPortService.java
@@ -59,6 +59,7 @@ public void init() {
 public void validateAllUserPassports() {
 Set allUsersWithAPassport = this.userService.getAllUsersWithAPassport();
 allUsersWithAPassport.parallelStream().forEach(user -> {
+ logger.info("validateAllUserPassports() ATTEMPTING TO VALIDATE PASSPORT___ USER {}", user.getSubject());
 if (StringUtils.isBlank(user.getPassport())) {
 logger.error("NO PASSPORT FOUND ___ uSER {}", user.getSubject());
 return;
@@ -67,7 +68,7 @@ public void validateAllUserPassports() {
 String encodedPassport = user.getPassport();
 Optional passportOptional = JWTUtil.parsePassportJWTV11(encodedPassport);
 if (passportOptional.isEmpty()) {
- logger.error("fAILED TO DECODE PASSPORT ___ USER: {}", user.getEmail());
+ logger.error("fAILED TO DECODE PASSPORT ___ USER: {}", user.getSubject());
 user.setPassport(null);
 userService.save(user);
 userService.logoutUser(user);
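Review bot: The line changed in the second hunk keeps the mixed-case token `fAILED`, and the line added in the first hunk writes `PASSPORT___ USER` without the space used in the other messages, so a Splunk search on the literal phrases will miss these events. Since the stated aim is log chaining, I would normalise the text while the lines are being touched, e.g. `logger.error("FAILED TO DECODE PASSPORT ___ USER {}", user.getSubject());`. The `PASSPORT VALIDATION COMPLETE __` messages in the last hunk of this file use a two-underscore separator where the other messages use three, and both `USER {}` and `USER: {}` are in use across the patch. `validateAllUserPassports` continues beyond these hunks.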
@@ -78,7 +79,7 @@ public void validateAllUserPassports() {
 for (String visa : ga4ghPassportV1) {
 Optional parsedVisa = JWTUtil.parseGa4ghPassportV1(visa);
 if (parsedVisa.isEmpty()) {
- logger.error("validatePassport() ga4ghPassportV1 is empty");
+ logger.error("validatePassport() ga4ghPassportV1 PASSPORT VISA IS EMPTY ___ USER {}", user.getSubject());
 return;
 }
@@ -89,8 +90,10 @@ public void validateAllUserPassports() {
 if (response.isPresent()) {
 boolean successfullyUpdated = handlePassportValidationResponse(response.get(), user);
 if (!successfullyUpdated) {
- logger.info("PASSPORT IS NO LONGER VALID ___ USER {} ___ USER LOGGED OUT", user.getSubject());
+ logger.info("PASSPORT VALIDATION COMPLETE __ PASSPORT IS NO LONGER VALID ___ USER {} ___ USER LOGGED OUT", user.getSubject());
 break;
+ } else {
+ logger.info("PASSPORT VALIDATION COMPLETE __ PASSPORT IS VALID ___ USER {}", user.getSubject());
 }
 }
 }
diff --git a/pic-sure-auth-services/src/main/java/edu/harvard/hms/dbmi/avillach/auth/service/impl/authentication/RASAuthenticationService.java b/pic-sure-auth-services/src/main/java/edu/harvard/hms/dbmi/avillach/auth/service/impl/authentication/RASAuthenticationService.java
index be96d043..9badb15f 100644
--- a/pic-sure-auth-services/src/main/java/edu/harvard/hms/dbmi/avillach/auth/service/impl/authentication/RASAuthenticationService.java
+++ b/pic-sure-auth-services/src/main/java/edu/harvard/hms/dbmi/avillach/auth/service/impl/authentication/RASAuthenticationService.java
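Review bot: The `parsedVisa.isEmpty()` branch in the `-78,7` hunk only logs and then returns from the per-user lambda, so nothing in the branch clears the stored passport or ends the session, whereas the passport-decode failure in the previous hunk calls `user.setPassport(null)` and `userService.logoutUser(user)`. If a visa that cannot be parsed should count as a failed validation, this branch needs the same handling; if skipping is intended, a comment such as `// visa could not be parsed: skip this user, passport and session left in place` would make the fail-open choice explicit. The message also still names `validatePassport()` although the enclosing method is `validateAllUserPassports()`, and it says the visa "IS EMPTY" where the condition is presumably a failed parse, e.g. `"validateAllUserPassports() FAILED TO PARSE PASSPORT VISA ___ USER {}"`. The loop body continues after this hunk.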
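Review bot: The new `else` branch in the `-89,8` hunk appears to sit inside the per-visa loop (the `break` beside it and the `for` in the previous hunk), so `PASSPORT VALIDATION COMPLETE __ PASSPORT IS VALID` is written for each visa that validates, before the remaining visas have been checked. A user whose first visa passes and whose later visa fails would then get both an "IS VALID" and an "IS NO LONGER VALID" event in the same run, which misleads anyone reconstructing a revocation from Splunk. I would record the outcome in a local flag set to false next to the `break`, and emit the "COMPLETE ... IS VALID" line once after the loop. When `response` is empty nothing is logged for that visa at all, which is worth a line of its own so a validation that never ran is distinguishable from one that passed. The loop starts before this hunk.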
@@ -107,37 +107,42 @@ public HashMap authenticate(Map authRequest, Str
 User user = initializedUser.get();
 Optional rasPassport = this.rasPassPortService.extractPassport(introspectResponse);
 if (rasPassport.isEmpty()) {
- logger.info("LOGIN FAILED ___ NO RAS PASSPORT FOUND ___");
+ logger.info("LOGIN FAILED ___ NO RAS PASSPORT FOUND ___ USER: {} ___ CODE {}", user.getSubject(), authRequest.get("code"));
 return null;
 }
 if (rasPassPortService.isExpired(rasPassport.get())) {
- logger.error("validateRASPassport() LOGIN FAILED ___ PASSPORT IS EXPIRED ___ USER: {}", user.getSubject());
+ logger.error("validateRASPassport() LOGIN FAILED ___ PASSPORT IS EXPIRED ___ USER: {} ___ CODE {}", user.getSubject(), authRequest.get("code"));
 return null;
 }
 if (!rasPassport.get().getIss().equals(this.rasPassportIssuer)) {
 logger.error("validateRASPassport() LOGIN FAILED ___ PASSPORT ISSUER IS NOT CORRECT ___ USER: {} ___ " +
- "EXPECTED ISSUER {} ___ ACTUAL ISSUER {}", user.getSubject(), this.rasPassportIssuer, rasPassport.get().getIss());
+ "EXPECTED ISSUER {} ___ ACTUAL ISSUER {} ___ CODE {}",
+ user.getSubject(), this.rasPassportIssuer, rasPassport.get().getIss(), authRequest.get("code"));
 return null;
 }
- logger.info("RAS PASSPORT FOUND ___ USER: {} ___ PASSPORT: {}", user.getSubject(), rasPassport.get());
+ logger.info("RAS PASSPORT FOUND ___ USER: {} ___ PASSPORT: {} ___ CODE {}", user.getSubject(), rasPassport.get(), authRequest.get("code"));
 Set dbgapPermissions = this.rasPassPortService.ga4gpPassportToRasDbgapPermissions(rasPassport.get().getGa4ghPassportV1());
 Optional> dbgapRoleNames = this.roleService.getRoleNamesForDbgapPermissions(dbgapPermissions);
 if (dbgapRoleNames.isPresent()) {
 user = userService.updateUserRoles(user, dbgapRoleNames.get());
- logger.debug("USER {} ROLES UPDATED {}", user.getSubject(), user.getRoles().stream().map(role -> role.getName().replace("MANAGED_", "")).toArray());
+ logger.debug("USER {} ROLES UPDATED {} ___ CODE {}",
+ user.getSubject(),
+ user.getRoles().stream().map(role -> role.getName().replace("MANAGED_", "")).toArray(),
+ authRequest.get("code"));
 }
 String passport = introspectResponse.get("passport_jwt_v11").toString();
 user.setPassport(passport);
- logger.info("RAS PASSPORT SUCCESSFULLY ADDED TO USER: {}", user.getSubject());
+ logger.info("RAS PASSPORT SUCCESSFULLY ADDED TO USER: {} ___ CODE {}", user.getSubject(), authRequest.get("code"));
 userService.save(user);
 HashMap responseMap = createUserClaims(user, idToken);
 responseMap.put("oktaIdToken", idToken);
- logger.info("LOGIN SUCCESS ___ USER {}:{} ___ AUTHORIZATION WILL EXPIRE AT ___ {}___", user.getSubject(), user.getUuid().toString(), responseMap.get("expirationDate"));
+ logger.info("LOGIN SUCCESS ___ USER {}:{} ___ AUTHORIZATION WILL EXPIRE AT ___ {} ___ CODE {}",
+ user.getSubject(), user.getUuid().toString(), responseMap.get("expirationDate"), authRequest.get("code"));
 return responseMap;
 }
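Review bot: Every log call touched in this hunk now writes `authRequest.get("code")`, which appears to be the OAuth authorization code from the login request, so a credential-class, caller-supplied value ends up in Splunk for anyone with log access. The value is logged as received, so line breaks in it could forge log entries unless the logging layout encodes them. A correlation id that is not the code itself would serve the chaining purpose, e.g. `String loginRef = UUID.randomUUID().toString();` computed once near the top of `authenticate` and passed in place of `authRequest.get("code")`. The unchanged part of the `RAS PASSPORT FOUND` line also logs `rasPassport.get()` itself; what that prints depends on the passport class's `toString()`, which is not visible here, so it is worth confirming it does not emit visa JWTs. `authenticate` begins before this hunk.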