From 8102ac1b7694bb7e5825225468993faee8b6ceb8 Mon Sep 17 00:00:00 2001 From: Sahan Dilshan Date: Mon, 17 Jul 2023 14:11:59 +0530 Subject: [PATCH] Update diagnostic logs according to new builder --- .../endpoint/authz/OAuth2AuthzEndpoint.java | 98 ++++++++++--------- .../endpoint/token/OAuth2TokenEndpoint.java | 10 +- .../oauth/endpoint/util/EndpointUtil.java | 10 +- .../handlers/AbstractResponseTypeHandler.java | 16 +-- .../util/ResponseTypeHandlerUtil.java | 13 +-- .../oauth2/token/AccessTokenIssuer.java | 22 +++-- .../grant/AuthorizationCodeGrantHandler.java | 23 +++-- .../OpenIDConnectClaimFilterImpl.java | 5 +- 8 files changed, 110 insertions(+), 87 deletions(-) diff --git a/components/org.wso2.carbon.identity.oauth.endpoint/src/main/java/org/wso2/carbon/identity/oauth/endpoint/authz/OAuth2AuthzEndpoint.java b/components/org.wso2.carbon.identity.oauth.endpoint/src/main/java/org/wso2/carbon/identity/oauth/endpoint/authz/OAuth2AuthzEndpoint.java index 967a4089f1..51b7f543a0 100644 --- a/components/org.wso2.carbon.identity.oauth.endpoint/src/main/java/org/wso2/carbon/identity/oauth/endpoint/authz/OAuth2AuthzEndpoint.java +++ b/components/org.wso2.carbon.identity.oauth.endpoint/src/main/java/org/wso2/carbon/identity/oauth/endpoint/authz/OAuth2AuthzEndpoint.java @@ -575,13 +575,13 @@ private Response handleResponseFromConsent(OAuthMessage oAuthMessage) throws OAu if (oAuthMessage.getRequest() != null && MapUtils.isNotEmpty(oAuthMessage.getRequest().getParameterMap())) { oAuthMessage.getRequest().getParameterMap().forEach((key, value) -> { if (ArrayUtils.isNotEmpty(value)) { - diagnosticLogBuilder.putParams(key, Arrays.asList(value)); + diagnosticLogBuilder.inputParam(key, Arrays.asList(value)); } }); } diagnosticLogBuilder.resultMessage("Successfully received consent response.") .resultStatus(DiagnosticLog.ResultStatus.SUCCESS) - .logLevel(DiagnosticLog.LogLevel.ADVANCED); + .logDetailLevel(DiagnosticLog.LogDetailLevel.INTERNAL_SYSTEM); LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder); } @@ -991,13 +991,13 @@ private Response handleAuthenticationResponse(OAuthMessage oAuthMessage) if (oAuthMessage.getRequest() != null && MapUtils.isNotEmpty(oAuthMessage.getRequest().getParameterMap())) { oAuthMessage.getRequest().getParameterMap().forEach((key, value) -> { if (ArrayUtils.isNotEmpty(value)) { - diagnosticLogBuilder.putParams(key, Arrays.asList(value)); + diagnosticLogBuilder.inputParam(key, Arrays.asList(value)); } }); } diagnosticLogBuilder.resultMessage("Received authentication response from Framework.") .resultStatus(DiagnosticLog.ResultStatus.SUCCESS) - .logLevel(DiagnosticLog.LogLevel.ADVANCED); + .logDetailLevel(DiagnosticLog.LogDetailLevel.INTERNAL_SYSTEM); LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder); } @@ -1032,18 +1032,19 @@ private Response handleAuthenticationResponse(OAuthMessage oAuthMessage) if (LoggerUtils.isDiagnosticLogsEnabled()) { DiagnosticLog.DiagnosticLogBuilder diagnosticLogBuilder = new DiagnosticLog.DiagnosticLogBuilder( OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, "validate-authn-status"); - diagnosticLogBuilder.putParams("ApplicationName", oauth2Params.getApplicationName()) - .putParams("clientId", oAuthMessage.getClientId()) - .putParams("tenantDomain", tenantDomain); + diagnosticLogBuilder.inputParam("application name", oauth2Params.getApplicationName()) + .inputParam("client id", oAuthMessage.getClientId()) + .inputParam("tenant domain", tenantDomain) + .logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION); if (userIdentifier != null) { - diagnosticLogBuilder.putParams("authenticatedUserId", userIdentifier); + diagnosticLogBuilder.inputParam("authenticated user id", userIdentifier); if (LoggerUtils.isLogMaskingEnable) { - diagnosticLogBuilder.putParams("authenticatedUserMasked", + diagnosticLogBuilder.inputParam("authenticated user (masked)", LoggerUtils.getMaskedContent(authnResult.getSubject().getUserName())); } } if (oAuthMessage.getAuthorizationGrantCacheEntry() != null) { - diagnosticLogBuilder.putParams("Authentication Method Reference", + diagnosticLogBuilder.inputParam("authentication method reference", oAuthMessage.getAuthorizationGrantCacheEntry().getAmrList()); } diagnosticLogBuilder.resultStatus(DiagnosticLog.ResultStatus.SUCCESS) @@ -1271,15 +1272,16 @@ private Response handleInitialAuthorizationRequest(OAuthMessage oAuthMessage) th if (oAuthMessage.getRequest() != null && MapUtils.isNotEmpty(oAuthMessage.getRequest().getParameterMap())) { oAuthMessage.getRequest().getParameterMap().forEach((key, value) -> { if (ArrayUtils.isNotEmpty(value)) { - diagnosticLogBuilder.putParams(key, Arrays.asList(value)); + diagnosticLogBuilder.inputParam(key, Arrays.asList(value)); } }); } UserAgent userAgent = new UserAgent(oAuthMessage.getRequest().getHeader("User-Agent")); - diagnosticLogBuilder.putParams("Login browser", userAgent.getBrowser()) - .putParams("Login Device", userAgent.getDevice()) + diagnosticLogBuilder.inputParam("login browser", userAgent.getBrowser()) + .inputParam("login device", userAgent.getDevice()) .resultMessage("Successfully received OAuth2 Authorize request.") - .resultStatus(DiagnosticLog.ResultStatus.SUCCESS); + .resultStatus(DiagnosticLog.ResultStatus.SUCCESS) + .logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION); LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder); } String redirectURL = handleOAuthAuthorizationRequest(oAuthMessage); @@ -1533,13 +1535,14 @@ private String handleServerErrorAuthorization(OAuthMessage oAuthMessage, OIDCSes DiagnosticLog.DiagnosticLogBuilder diagnosticLogBuilder = new DiagnosticLog.DiagnosticLogBuilder( OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, "handle-authorization"); if (oauth2Params != null) { - diagnosticLogBuilder.putParams("client_id", oauth2Params.getClientId()) - .putParams("ApplicationName", oauth2Params.getApplicationName()) - .putParams("redirect_uri", oauth2Params.getRedirectURI()) - .putParams("scope", oauth2Params.getScopes()) - .putParams("ResponseType", oauth2Params.getResponseType()); + diagnosticLogBuilder.inputParam("client id", oauth2Params.getClientId()) + .inputParam("application name", oauth2Params.getApplicationName()) + .inputParam("redirect uri", oauth2Params.getRedirectURI()) + .inputParam("scope", oauth2Params.getScopes()) + .inputParam("response type", oauth2Params.getResponseType()); } diagnosticLogBuilder.resultStatus(DiagnosticLog.ResultStatus.FAILED) + .logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION) .resultMessage(errorMsg); LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder); } @@ -1567,14 +1570,15 @@ private String handleFailureAuthorization(OAuthMessage oAuthMessage, OIDCSession DiagnosticLog.DiagnosticLogBuilder diagnosticLogBuilder = new DiagnosticLog.DiagnosticLogBuilder( OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, "handle-authorization"); if (oauth2Params != null) { - diagnosticLogBuilder.putParams("clientId", oauth2Params.getClientId()) - .putParams("Application Name", oauth2Params.getApplicationName()) - .putParams("redirectUri", oauth2Params.getRedirectURI()) - .putParams("scope", oauth2Params.getScopes()) - .putParams("ResponseType", oauth2Params.getResponseType()); + diagnosticLogBuilder.inputParam("client id", oauth2Params.getClientId()) + .inputParam("application name", oauth2Params.getApplicationName()) + .inputParam("redirect uri", oauth2Params.getRedirectURI()) + .inputParam("scope", oauth2Params.getScopes()) + .inputParam("response type", oauth2Params.getResponseType()); } diagnosticLogBuilder.resultStatus(DiagnosticLog.ResultStatus.FAILED) - .resultMessage("Error occurred while processing the authorization: " + errorMsg); + .resultMessage("Error occurred while processing the authorization: " + errorMsg) + .logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION); LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder); } return EndpointUtil.getErrorRedirectURL(oAuthMessage.getRequest(), oauthProblemException, oauth2Params); @@ -1590,12 +1594,13 @@ private String handleAuthorizationFailureBeforeConsent(OAuthMessage oAuthMessage : "Error occurred while processing authorization request."; OAuthProblemException oauthProblemException = OAuthProblemException.error( authzRespDTO.getErrorCode(), errorMsg); - diagnosticLogBuilder.putParams("clientId", oauth2Params.getClientId()) - .putParams("ApplicationName", oauth2Params.getApplicationName()) - .putParams("RedirectURI", authzRespDTO.getCallbackURI()) + diagnosticLogBuilder.inputParam("client id", oauth2Params.getClientId()) + .inputParam("application name", oauth2Params.getApplicationName()) + .inputParam("redirect uri", authzRespDTO.getCallbackURI()) .resultMessage("Error occurred when processing the authorization request before consent. " + authzRespDTO.getErrorMsg()) - .resultStatus(DiagnosticLog.ResultStatus.FAILED); + .resultStatus(DiagnosticLog.ResultStatus.FAILED) + .logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION); return EndpointUtil.getErrorRedirectURL(oAuthMessage.getRequest(), oauthProblemException, oauth2Params); } @@ -1654,13 +1659,14 @@ private OAuthResponse handleSuccessAuthorization(OAuthMessage oAuthMessage, OIDC if (LoggerUtils.isDiagnosticLogsEnabled()) { DiagnosticLog.DiagnosticLogBuilder diagnosticLogBuilder = new DiagnosticLog.DiagnosticLogBuilder( OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, "generate-response"); - diagnosticLogBuilder.putParams("clientId", oauth2Params.getClientId()) - .putParams("Application Name", oauth2Params.getApplicationName()) - .putParams("redirectUri", redirectURL) - .putParams("responseMode", oauth2Params.getResponseMode()) - .putParams("AuthorizedScopes", authzRespDTO.getScope()) + diagnosticLogBuilder.inputParam("client id", oauth2Params.getClientId()) + .inputParam("application name", oauth2Params.getApplicationName()) + .inputParam("redirect uri", redirectURL) + .inputParam("response mode", oauth2Params.getResponseMode()) + .inputParam("authorized scopes", authzRespDTO.getScope()) .resultMessage("Successfully generated oauth response.") - .resultStatus(DiagnosticLog.ResultStatus.SUCCESS); + .resultStatus(DiagnosticLog.ResultStatus.SUCCESS) + .logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION); LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder); } sessionState.setAuthenticated(true); @@ -2734,22 +2740,24 @@ private String doUserAuthorization(OAuthMessage oAuthMessage, String sessionData if (LoggerUtils.isDiagnosticLogsEnabled()) { DiagnosticLog.DiagnosticLogBuilder diagnosticLogBuilder = new DiagnosticLog.DiagnosticLogBuilder( OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, "validate-scopes-before-consent"); - diagnosticLogBuilder.putParams("clientId", oauth2Params.getClientId()) - .putParams("ApplicationName", oauth2Params.getApplicationName()) - .putParams("ScopesToBeValidate", oauth2Params.getScopes()) + diagnosticLogBuilder.inputParam("client id", oauth2Params.getClientId()) + .inputParam("application name", oauth2Params.getApplicationName()) + .inputParam("scopes to be validate", oauth2Params.getScopes()) .resultStatus(DiagnosticLog.ResultStatus.SUCCESS) - .resultMessage("Scope validation started."); + .resultMessage("Scope validation started.") + .logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION); LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder); } validateScopesBeforeConsent(oAuthMessage, oauth2Params, authzReqDTO); if (LoggerUtils.isDiagnosticLogsEnabled()) { DiagnosticLog.DiagnosticLogBuilder diagnosticLogBuilder = new DiagnosticLog.DiagnosticLogBuilder( OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, "validate-scopes-before-consent"); - diagnosticLogBuilder.putParams("clientId", oauth2Params.getClientId()) - .putParams("ApplicationName", oauth2Params.getApplicationName()) - .putParams("ScopesAfterValidation", oauth2Params.getScopes()) + diagnosticLogBuilder.inputParam("client id", oauth2Params.getClientId()) + .inputParam("application name", oauth2Params.getApplicationName()) + .inputParam("scopes after validation", oauth2Params.getScopes()) .resultStatus(DiagnosticLog.ResultStatus.SUCCESS) - .resultMessage("Scope validation completed."); + .resultMessage("Scope validation completed.") + .logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION); LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder); } } catch (IdentityOAuth2UnauthorizedScopeException e) { @@ -3649,8 +3657,8 @@ private Response handleAuthFlowThroughFramework(OAuthMessage oAuthMessage, Strin OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, "hand-over-to-framework") .resultMessage("Forward authorization request to framework for user authentication.") .resultStatus(DiagnosticLog.ResultStatus.SUCCESS) - .putParams("clientId", oAuthMessage.getClientId()) - .logLevel(DiagnosticLog.LogLevel.ADVANCED); + .inputParam("client id", oAuthMessage.getClientId()) + .logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION); LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder); } try { diff --git a/components/org.wso2.carbon.identity.oauth.endpoint/src/main/java/org/wso2/carbon/identity/oauth/endpoint/token/OAuth2TokenEndpoint.java b/components/org.wso2.carbon.identity.oauth.endpoint/src/main/java/org/wso2/carbon/identity/oauth/endpoint/token/OAuth2TokenEndpoint.java index 1b20abebd5..a2a5beac5a 100644 --- a/components/org.wso2.carbon.identity.oauth.endpoint/src/main/java/org/wso2/carbon/identity/oauth/endpoint/token/OAuth2TokenEndpoint.java +++ b/components/org.wso2.carbon.identity.oauth.endpoint/src/main/java/org/wso2/carbon/identity/oauth/endpoint/token/OAuth2TokenEndpoint.java @@ -98,10 +98,11 @@ public Response issueAccessToken(@Context HttpServletRequest request, String pay DiagnosticLog.DiagnosticLogBuilder diagnosticLogBuilder = new DiagnosticLog.DiagnosticLogBuilder( OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, "receive-token-request"); if (MapUtils.isNotEmpty(paramMap) && paramMap.containsKey("client_id")) { - diagnosticLogBuilder.putParams("clientId", paramMap.get("client_id")); + diagnosticLogBuilder.inputParam("client id", paramMap.get("client_id")); } diagnosticLogBuilder.resultMessage("Successfully received token request.") - .resultStatus(DiagnosticLog.ResultStatus.SUCCESS); + .resultStatus(DiagnosticLog.ResultStatus.SUCCESS) + .logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION); LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder); } catch (TokenEndpointBadRequestException e) { triggerOnTokenExceptionListeners(e, request, null); @@ -126,10 +127,11 @@ public Response issueAccessToken(@Context HttpServletRequest request, DiagnosticLog.DiagnosticLogBuilder diagnosticLogBuilder = new DiagnosticLog.DiagnosticLogBuilder( OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, "receive-token-request"); if (MapUtils.isNotEmpty(paramMap) && paramMap.containsKey("client_id")) { - diagnosticLogBuilder.putParams("clientId", paramMap.getFirst("client_id")); + diagnosticLogBuilder.inputParam("client id", paramMap.getFirst("client_id")); } diagnosticLogBuilder.resultStatus(DiagnosticLog.ResultStatus.SUCCESS) - .resultMessage("Successfully received token request."); + .resultMessage("Successfully received token request.") + .logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION); LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder); } return issueAccessToken(request, (Map>) paramMap); diff --git a/components/org.wso2.carbon.identity.oauth.endpoint/src/main/java/org/wso2/carbon/identity/oauth/endpoint/util/EndpointUtil.java b/components/org.wso2.carbon.identity.oauth.endpoint/src/main/java/org/wso2/carbon/identity/oauth/endpoint/util/EndpointUtil.java index 6cf5d82ea0..0230adb6d0 100644 --- a/components/org.wso2.carbon.identity.oauth.endpoint/src/main/java/org/wso2/carbon/identity/oauth/endpoint/util/EndpointUtil.java +++ b/components/org.wso2.carbon.identity.oauth.endpoint/src/main/java/org/wso2/carbon/identity/oauth/endpoint/util/EndpointUtil.java @@ -1078,13 +1078,13 @@ public static void storeOAuthScopeConsent(AuthenticatedUser user, OAuth2Paramete if (LoggerUtils.isDiagnosticLogsEnabled()) { DiagnosticLog.DiagnosticLogBuilder diagnosticLogBuilder = new DiagnosticLog.DiagnosticLogBuilder( OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, "persist-oauth-scope-consent"); - diagnosticLogBuilder.putParams("clientId", params.getClientId()) - .putParams("approvedScopes", userApprovedScopes) - .putParams("user", userId) - .putParams("overrideExistingConsent", overrideExistingConsent) + diagnosticLogBuilder.inputParam("clientId", params.getClientId()) + .inputParam("approved scopes", userApprovedScopes) + .inputParam("user", userId) + .inputParam("override existing consent", overrideExistingConsent) .resultMessage("Successfully persisted oauth scopes.") .resultStatus(DiagnosticLog.ResultStatus.SUCCESS) - .logLevel(DiagnosticLog.LogLevel.ADVANCED); + .logDetailLevel(DiagnosticLog.LogDetailLevel.INTERNAL_SYSTEM); LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder); } } diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/authz/handlers/AbstractResponseTypeHandler.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/authz/handlers/AbstractResponseTypeHandler.java index 60dec666e3..cd4affe538 100644 --- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/authz/handlers/AbstractResponseTypeHandler.java +++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/authz/handlers/AbstractResponseTypeHandler.java @@ -117,24 +117,24 @@ && hasValidationByApplicationScopeValidatorsFailed(oauthAuthzMsgCtx)) { if (LoggerUtils.isDiagnosticLogsEnabled()) { DiagnosticLog.DiagnosticLogBuilder diagnosticLogBuilder = new DiagnosticLog.DiagnosticLogBuilder( OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, "scope-validation"); - diagnosticLogBuilder.putParams("clientId", oauthAuthzMsgCtx.getAuthorizationReqDTO().getConsumerKey()) - .putParams("ScopeValidator", validator.getName()) - .putParams("Scopes (Before Validation)", oauthAuthzMsgCtx.getApprovedScope()) + diagnosticLogBuilder.inputParam("client id", oauthAuthzMsgCtx.getAuthorizationReqDTO().getConsumerKey()) + .inputParam("scope validator", validator.getName()) + .inputParam("scopes (before validation)", oauthAuthzMsgCtx.getApprovedScope()) .resultStatus(DiagnosticLog.ResultStatus.SUCCESS) .resultMessage("Before validating scopes") - .logLevel(DiagnosticLog.LogLevel.ADVANCED); + .logDetailLevel(DiagnosticLog.LogDetailLevel.INTERNAL_SYSTEM); LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder); } boolean isGlobalValidScope = validator.validateScope(oauthAuthzMsgCtx); if (LoggerUtils.isDiagnosticLogsEnabled()) { DiagnosticLog.DiagnosticLogBuilder diagnosticLogBuilder = new DiagnosticLog.DiagnosticLogBuilder( OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, "scope-validation"); - diagnosticLogBuilder.putParams("clientId", oauthAuthzMsgCtx.getAuthorizationReqDTO().getConsumerKey()) - .putParams("ScopeValidator", validator.getName()) - .putParams("Scopes (After Validation)", oauthAuthzMsgCtx.getApprovedScope()) + diagnosticLogBuilder.inputParam("client id", oauthAuthzMsgCtx.getAuthorizationReqDTO().getConsumerKey()) + .inputParam("scope validator", validator.getName()) + .inputParam("scopes (after validation)", oauthAuthzMsgCtx.getApprovedScope()) .resultStatus(DiagnosticLog.ResultStatus.SUCCESS) .resultMessage("After validating scopes.") - .logLevel(DiagnosticLog.LogLevel.ADVANCED); + .logDetailLevel(DiagnosticLog.LogDetailLevel.INTERNAL_SYSTEM); LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder); } if (log.isDebugEnabled()) { diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/authz/handlers/util/ResponseTypeHandlerUtil.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/authz/handlers/util/ResponseTypeHandlerUtil.java index 41e4c10086..fbac7e1711 100644 --- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/authz/handlers/util/ResponseTypeHandlerUtil.java +++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/authz/handlers/util/ResponseTypeHandlerUtil.java @@ -306,19 +306,20 @@ public static AuthzCodeDO generateAuthorizationCode(OAuthAuthzReqMessageContext if (LoggerUtils.isDiagnosticLogsEnabled()) { DiagnosticLog.DiagnosticLogBuilder diagnosticLogBuilder = new DiagnosticLog.DiagnosticLogBuilder( OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, "issue-authz-code"); - diagnosticLogBuilder.putParams("clientId", authorizationReqDTO.getConsumerKey()) + diagnosticLogBuilder.inputParam("client id", authorizationReqDTO.getConsumerKey()) .resultStatus(DiagnosticLog.ResultStatus.SUCCESS) .resultMessage("Authorization Code issued successfully.") - .putParams("requestedScopes", OAuth2Util.buildScopeString(authorizationReqDTO.getScopes())) - .putParams("redirectUri", authorizationReqDTO.getCallbackUrl()) - .putParams("authzCodeValidityPeriod (ms)", String.valueOf(validityPeriod)); + .inputParam("requested scopes", OAuth2Util.buildScopeString(authorizationReqDTO.getScopes())) + .inputParam("redirect uri", authorizationReqDTO.getCallbackUrl()) + .inputParam("authz code validity period (ms)", String.valueOf(validityPeriod)) + .logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION); if (authorizationReqDTO.getUser() != null) { try { - diagnosticLogBuilder.putParams("user", authorizationReqDTO.getUser().getUserId()); + diagnosticLogBuilder.inputParam("user", authorizationReqDTO.getUser().getUserId()); } catch (UserIdNotFoundException e) { if (StringUtils.isNotBlank(authorizationReqDTO.getUser().getAuthenticatedSubjectIdentifier())) { - diagnosticLogBuilder.putParams("user", LoggerUtils.isLogMaskingEnable ? LoggerUtils + diagnosticLogBuilder.inputParam("user", LoggerUtils.isLogMaskingEnable ? LoggerUtils .getMaskedContent(authorizationReqDTO.getUser().getAuthenticatedSubjectIdentifier()) : authorizationReqDTO.getUser().getAuthenticatedSubjectIdentifier()); } diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/AccessTokenIssuer.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/AccessTokenIssuer.java index f08972ff75..e6cfdea7ff 100644 --- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/AccessTokenIssuer.java +++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/AccessTokenIssuer.java @@ -459,16 +459,17 @@ public OAuth2AccessTokenRespDTO issue(OAuth2AccessTokenReqDTO tokenReqDTO) if (LoggerUtils.isDiagnosticLogsEnabled()) { DiagnosticLog.DiagnosticLogBuilder diagnosticLogBuilder = new DiagnosticLog.DiagnosticLogBuilder( OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, "issue-access-token"); - diagnosticLogBuilder.putParams("clientId", tokenReqDTO.getClientId()) - .putParams("authorizedScopes", tokenRespDTO.getAuthorizedScopes()) - .putParams("grantType", grantType) - .putParams("tokenExpiryTime (s)", tokenRespDTO.getExpiresIn()) + diagnosticLogBuilder.inputParam("clientId", tokenReqDTO.getClientId()) + .inputParam("authorized scopes", tokenRespDTO.getAuthorizedScopes()) + .inputParam("grant type", grantType) + .inputParam("token expiry time (s)", tokenRespDTO.getExpiresIn()) .resultStatus(DiagnosticLog.ResultStatus.SUCCESS) - .resultMessage("Access token issued for the application."); + .resultMessage("Access token issued for the application.") + .logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION); if (tokReqMsgCtx.getAuthorizedUser() != null) { - diagnosticLogBuilder.putParams("userId", tokReqMsgCtx.getAuthorizedUser().getUserId()); + diagnosticLogBuilder.inputParam("user id", tokReqMsgCtx.getAuthorizedUser().getUserId()); String username = tokReqMsgCtx.getAuthorizedUser().getUserName(); - diagnosticLogBuilder.putParams("username", LoggerUtils.isLogMaskingEnable ? + diagnosticLogBuilder.inputParam("username", LoggerUtils.isLogMaskingEnable ? LoggerUtils.getMaskedContent(username) : username); } LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder); @@ -488,11 +489,12 @@ public OAuth2AccessTokenRespDTO issue(OAuth2AccessTokenReqDTO tokenReqDTO) if (LoggerUtils.isDiagnosticLogsEnabled()) { DiagnosticLog.DiagnosticLogBuilder diagnosticLogBuilder = new DiagnosticLog.DiagnosticLogBuilder( OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, "issue-id-token"); - diagnosticLogBuilder.putParams("clientId", tokenReqDTO.getClientId()) - .putParams("Issued claims for ID Token", tokReqMsgCtx.getProperty( + diagnosticLogBuilder.inputParam("clientId", tokenReqDTO.getClientId()) + .inputParam("issued claims for id token", tokReqMsgCtx.getProperty( ID_TOKEN_USER_CLAIMS_PROP_KEY)) .resultStatus(DiagnosticLog.ResultStatus.SUCCESS) - .resultMessage("ID token issued for the application."); + .resultMessage("ID token issued for the application.") + .logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION); LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder); } tokenRespDTO.setIDToken(idToken); diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/handlers/grant/AuthorizationCodeGrantHandler.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/handlers/grant/AuthorizationCodeGrantHandler.java index 81777476ca..29ca02c78a 100644 --- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/handlers/grant/AuthorizationCodeGrantHandler.java +++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/handlers/grant/AuthorizationCodeGrantHandler.java @@ -378,8 +378,8 @@ private boolean validateAuthzCodeFromRequest(AuthzCodeDO authzCodeBean, String c DiagnosticLog.DiagnosticLogBuilder diagnosticLogBuilder = new DiagnosticLog.DiagnosticLogBuilder( OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, "validate-authz-code"); if (LoggerUtils.isDiagnosticLogsEnabled()) { - diagnosticLogBuilder.putParams("clientId", clientId) - .putParams("authorizationCode", authzCode); + diagnosticLogBuilder.inputParam("client id", clientId) + .logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION); } if (authzCodeBean == null) { // If no auth code details available, cannot proceed with Authorization code grant @@ -390,7 +390,9 @@ private boolean validateAuthzCodeFromRequest(AuthzCodeDO authzCodeBean, String c if (LoggerUtils.isDiagnosticLogsEnabled()) { diagnosticLogBuilder.resultMessage("Invalid authorization code received. Couldn't find persisted data" + " for authorization code.") - .resultStatus(DiagnosticLog.ResultStatus.FAILED); + .inputParam("authorization code", authzCode) + .resultStatus(DiagnosticLog.ResultStatus.FAILED) + .logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION); LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder); } throw new IdentityOAuth2Exception("Invalid authorization code received from token request"); @@ -400,7 +402,9 @@ private boolean validateAuthzCodeFromRequest(AuthzCodeDO authzCodeBean, String c clearTokenCache(authzCodeBean, clientId); if (LoggerUtils.isDiagnosticLogsEnabled()) { diagnosticLogBuilder.resultMessage("Inactive authorization code received.") - .resultStatus(DiagnosticLog.ResultStatus.FAILED); + .inputParam("authorization code", authzCode) + .resultStatus(DiagnosticLog.ResultStatus.FAILED) + .logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION); LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder); } throw new IdentityOAuth2Exception("Inactive authorization code received from token request"); @@ -410,13 +414,17 @@ private boolean validateAuthzCodeFromRequest(AuthzCodeDO authzCodeBean, String c if (isAuthzCodeExpired(authzCodeBean)) { if (LoggerUtils.isDiagnosticLogsEnabled()) { diagnosticLogBuilder.resultMessage("Expired authorization code received.") - .resultStatus(DiagnosticLog.ResultStatus.FAILED); + .inputParam("authorization code", authzCode) + .resultStatus(DiagnosticLog.ResultStatus.FAILED) + .logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION); LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder); } } else if (isAuthzCodeRevoked(authzCodeBean)) { if (LoggerUtils.isDiagnosticLogsEnabled()) { diagnosticLogBuilder.resultMessage("Revoked authorization code received.") - .resultStatus(DiagnosticLog.ResultStatus.FAILED); + .inputParam("authorization code", authzCode) + .resultStatus(DiagnosticLog.ResultStatus.FAILED) + .logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION); LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder); } } @@ -424,7 +432,8 @@ private boolean validateAuthzCodeFromRequest(AuthzCodeDO authzCodeBean, String c } if (LoggerUtils.isDiagnosticLogsEnabled()) { diagnosticLogBuilder.resultMessage("Authorization code validation is successful.") - .resultStatus(DiagnosticLog.ResultStatus.SUCCESS); + .resultStatus(DiagnosticLog.ResultStatus.SUCCESS) + .logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION); LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder); } return true; diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/openidconnect/OpenIDConnectClaimFilterImpl.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/openidconnect/OpenIDConnectClaimFilterImpl.java index 9936ff4457..1ac97e9662 100644 --- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/openidconnect/OpenIDConnectClaimFilterImpl.java +++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/openidconnect/OpenIDConnectClaimFilterImpl.java @@ -180,9 +180,10 @@ public List getClaimsFilteredByOIDCScopes(Set requestedScopes, S if (LoggerUtils.isDiagnosticLogsEnabled()) { DiagnosticLog.DiagnosticLogBuilder diagnosticLogBuilder = new DiagnosticLog.DiagnosticLogBuilder( OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, "issue-access-token"); - diagnosticLogBuilder.putParams("Requested Scopes", requestedScopes) + diagnosticLogBuilder.inputParam("requested scopes", requestedScopes) .resultMessage("Get Claims Filtered By OIDC Scopes.") - .resultStatus(DiagnosticLog.ResultStatus.SUCCESS); + .resultStatus(DiagnosticLog.ResultStatus.SUCCESS) + .logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION); LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder); } return filteredClaims;