Adding logging messages.
diff --git a/library/src/main/java/io/mifos/anubis/repository/TenantAuthorizationDataRepository.java b/library/src/main/java/io/mifos/anubis/repository/TenantAuthorizationDataRepository.java
index ef1f118..5d64422 100644
--- a/library/src/main/java/io/mifos/anubis/repository/TenantAuthorizationDataRepository.java
+++ b/library/src/main/java/io/mifos/anubis/repository/TenantAuthorizationDataRepository.java
@@ -27,7 +27,6 @@
import io.mifos.anubis.config.TenantSignatureRepository;
import io.mifos.core.cassandra.core.CassandraSessionProvider;
import io.mifos.core.lang.ApplicationName;
-import io.mifos.core.lang.ServiceException;
import io.mifos.core.lang.security.RsaKeyPairFactory;
import io.mifos.core.lang.security.RsaPrivateKeyBuilder;
import io.mifos.core.lang.security.RsaPublicKeyBuilder;
@@ -102,6 +101,9 @@
Assert.notNull(identityManagerSignature);
//TODO: add validation to make sure this timestamp is more recent than any already stored.
+ logger.info("Creating application signature set for timestamp '" + timestamp +
+ "'. Identity manager signature is: " + identityManagerSignature);
+
final RsaKeyPairFactory.KeyPairHolder applicationSignature = RsaKeyPairFactory.createKeyPair();
final Session session = cassandraSessionProvider.getTenantSession();
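Review bot: The added `logger.info` call builds its message with `+`, while the authenticator classes in this same commit use `{}` placeholders; the invalidation message in the next hunk has the same problem. Assuming this `logger` is the same SLF4J `Logger`, `logger.info("Creating application signature set for timestamp '{}'. Identity manager signature is: {}", timestamp, identityManagerSignature);` skips the string building when info is disabled and keeps the format uniform. What ends up in the log also depends on `identityManagerSignature.toString()`, which is not visible here. It is presumably public key material only, but that is worth confirming before it is written at info level. The enclosing method starts and ends outside the hunk.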
@@ -123,6 +125,7 @@
Assert.notNull(timestamp);
//Don't actually delete, just invalidate, so that if someone starts coming at me with an older keyset, I'll
//know what's happening.
+ logger.info("Invalidationg signature set for timestamp '" + timestamp + "'.");
final Session session = cassandraSessionProvider.getTenantSession();
invalidateEntry(session, timestamp);
}
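Review bot: The new message misspells "Invalidating" as `Invalidationg`, so a log search or alert keyed on the correct word will miss key-set invalidations. Since the comment above it says invalidation exists to notice someone presenting an older key set, this is a record operators will want to find. `logger.info("Invalidating signature set for timestamp '{}'.", timestamp);` fixes the spelling and drops the concatenation. The method starts outside the hunk.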
diff --git a/library/src/main/java/io/mifos/anubis/security/GuestAuthenticator.java b/library/src/main/java/io/mifos/anubis/security/GuestAuthenticator.java
index 533868c..6c9270a 100644
--- a/library/src/main/java/io/mifos/anubis/security/GuestAuthenticator.java
+++ b/library/src/main/java/io/mifos/anubis/security/GuestAuthenticator.java
@@ -18,27 +18,36 @@
import io.mifos.anubis.annotation.AcceptedTokenType;
import io.mifos.anubis.api.v1.RoleConstants;
import io.mifos.anubis.service.PermittableService;
+import org.slf4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Component;
import java.util.Set;
+import static io.mifos.anubis.config.AnubisConstants.LOGGER_NAME;
+
/**
* @author Myrle Krantz
*/
@Component
public class GuestAuthenticator {
private Set<ApplicationPermission> permissions;
+ private final Logger logger;
@Autowired
- public GuestAuthenticator(final PermittableService permittableService) {
+ public GuestAuthenticator(final PermittableService permittableService,
+ final @Qualifier(LOGGER_NAME) Logger logger) {
this.permissions = permittableService.getPermittableEndpointsAsPermissions(AcceptedTokenType.GUEST);
+ this.logger = logger;
}
AnubisAuthentication authenticate(final String user) {
if (!user.equals(RoleConstants.GUEST_USER_IDENTIFIER))
throw AmitAuthenticationException.invalidHeader();
+ logger.info("Guest access \"authenticated\" successfully.", user);
+
return new AnubisAuthentication(null, RoleConstants.GUEST_USER_IDENTIFIER, permissions);
}
}
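Review bot: The `logger.info` call in `authenticate` passes `user` as an argument, but the message contains no `{}` placeholder, so the value is silently dropped. Because `user` is known to equal `RoleConstants.GUEST_USER_IDENTIFIER` at that point, either remove the argument or write `logger.info("Guest access \"authenticated\" successfully for user {}.", user);`. The rejecting branch just above throws without leaving any log record, so only successful guest access is visible. A record of the rejection that does not echo the raw caller-supplied value would be more useful for anyone reviewing these logs.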
diff --git a/library/src/main/java/io/mifos/anubis/security/SystemAuthenticator.java b/library/src/main/java/io/mifos/anubis/security/SystemAuthenticator.java
index 49fd679..6250321 100644
--- a/library/src/main/java/io/mifos/anubis/security/SystemAuthenticator.java
+++ b/library/src/main/java/io/mifos/anubis/security/SystemAuthenticator.java
@@ -62,20 +62,21 @@
public AnubisAuthentication authenticate(
final String user,
final String token,
- final String timestamp) {
+ final String keyTimestamp) {
if (!user.equals(ApiConstants.SYSTEM_SU))
throw AmitAuthenticationException.invalidHeader();
try {
final JwtParser jwtParser = Jwts.parser()
- .setSigningKey(systemRsaKeyProvider.getPublicKey(timestamp))
+ .setSigningKey(systemRsaKeyProvider.getPublicKey(keyTimestamp))
.requireAudience(applicationName.toString())
.requireIssuer(TokenType.SYSTEM.getIssuer())
- .require(TokenConstants.JWT_SIGNATURE_TIMESTAMP_CLAIM, timestamp);
+ .require(TokenConstants.JWT_SIGNATURE_TIMESTAMP_CLAIM, keyTimestamp);
TenantContextHolder.identifier().ifPresent(jwtParser::requireSubject);
jwtParser.parse(token);
+ logger.info("System token for user {}, with key timestamp {} authenticated successfully.", user, keyTimestamp);
return new AnubisAuthentication(token, user, permissions);
}
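Review bot: Only the success path of `authenticate` gets an info-level record. The catch blocks visible in the following hunk log nothing at info or warn, and at debug they write the complete bearer token with `logger.debug("token = {}", token);`. A token rejected here may still be accepted elsewhere (another audience or tenant, for instance), so the full value should not reach a log file. Consider replacing that debug line with `logger.warn("System token authentication failed.");`, adding non-sensitive details such as the exception class if needed. The catch blocks begin outside both hunks, so the exception types handled there are only partly visible.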
@@ -83,7 +84,7 @@
logger.debug("token = {}", token);
throw AmitAuthenticationException.invalidToken();
} catch (final InvalidKeyTimestampException e) {
- throw AmitAuthenticationException.invalidTokenKeyTimestamp("system", timestamp);
+ throw AmitAuthenticationException.invalidTokenKeyTimestamp("system", keyTimestamp);
}
}
}
diff --git a/library/src/main/java/io/mifos/anubis/security/TenantAuthenticator.java b/library/src/main/java/io/mifos/anubis/security/TenantAuthenticator.java
index d604ba3..35e4797 100644
--- a/library/src/main/java/io/mifos/anubis/security/TenantAuthenticator.java
+++ b/library/src/main/java/io/mifos/anubis/security/TenantAuthenticator.java
@@ -26,6 +26,7 @@
import io.mifos.anubis.service.PermittableService;
import io.mifos.anubis.token.TokenType;
import io.mifos.core.lang.ApplicationName;
+import org.slf4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Component;
@@ -36,6 +37,8 @@
import java.util.stream.Collectors;
import java.util.stream.Stream;
+import static io.mifos.anubis.config.AnubisConstants.LOGGER_NAME;
+
/**
* @author Myrle Krantz
*/
@@ -45,18 +48,21 @@
private final String applicationNameWithVersion;
private final Gson gson;
private final Set<ApplicationPermission> guestPermissions;
+ private final Logger logger;
@Autowired
public TenantAuthenticator(
final TenantRsaKeyProvider tenantRsaKeyProvider,
final ApplicationName applicationName,
final PermittableService permittableService,
- final @Qualifier("anubisGson") Gson gson) {
+ final @Qualifier("anubisGson") Gson gson,
+ final @Qualifier(LOGGER_NAME) Logger logger) {
this.tenantRsaKeyProvider = tenantRsaKeyProvider;
this.applicationNameWithVersion = applicationName.toString();
this.gson = gson;
this.guestPermissions
= permittableService.getPermittableEndpointsAsPermissions(AcceptedTokenType.GUEST);
+ this.logger = logger;
}
AnubisAuthentication authenticate(
@@ -79,6 +85,8 @@
final Set<ApplicationPermission> permissions = translatePermissions(tokenContent.getTokenPermissions());
permissions.addAll(guestPermissions);
+ logger.info("Tenant token for user {}, with key timestamp {} authenticated successfully.", user, keyTimestamp);
+
return new AnubisAuthentication(token,
jwt.getBody().getSubject(), permissions
);
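Review bot: The new log line records the caller-supplied `user`, while the `AnubisAuthentication` returned two lines later takes its principal from `jwt.getBody().getSubject()`. Unless the parser set up outside this hunk already requires the subject to equal `user`, the audit record can name a different principal than the one actually authenticated. Logging the verified value keeps the two in step: `logger.info("Tenant token for user {}, with key timestamp {} authenticated successfully.", jwt.getBody().getSubject(), keyTimestamp);`. The method starts outside the hunk and its tail is cut off after the return statement.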
diff --git a/library/src/main/java/io/mifos/anubis/security/UrlPermissionChecker.java b/library/src/main/java/io/mifos/anubis/security/UrlPermissionChecker.java
index 957279e..6da4d59 100644
--- a/library/src/main/java/io/mifos/anubis/security/UrlPermissionChecker.java
+++ b/library/src/main/java/io/mifos/anubis/security/UrlPermissionChecker.java
@@ -22,6 +22,7 @@
import org.springframework.security.web.FilterInvocation;
import java.util.Collection;
+import java.util.Optional;
/**
* @author Myrle Krantz
@@ -48,10 +49,11 @@
final AnubisAuthentication authentication = (AnubisAuthentication) unAuthentication;
final Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
- return authorities.stream()
- .map(x -> (ApplicationPermission)x)
- .filter(x -> x.matches(filterInvocation, authentication.getPrincipal()))
- .findAny()
- .map(x -> ACCESS_GRANTED).orElse(ACCESS_DENIED);
+ final Optional<ApplicationPermission> matchedPermission = authorities.stream()
+ .map(x -> (ApplicationPermission) x)
+ .filter(x -> x.matches(filterInvocation, authentication.getPrincipal()))
+ .findAny();
+
+ return matchedPermission.map(x -> ACCESS_GRANTED).orElse(ACCESS_DENIED);
}
}
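Review bot: The new `matchedPermission` local is used only by the return statement, so this hunk changes the shape of the code without adding the log message the commit title suggests. If the intent was to record the access decision, that call is missing, and a denied request is the outcome most worth a record here. If no logging is intended, `return matchedPermission.isPresent() ? ACCESS_GRANTED : ACCESS_DENIED;` reads more directly than `map(x -> ACCESS_GRANTED).orElse(ACCESS_DENIED)`. The method begins outside the hunk.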