feat(jans-auth-server): log httpresponse body configurated by httpLoggingResponseBodyContent #349 #4417

jmunozherbas · 2023-03-31T20:58:48Z

Prepare

Read PR guidelines
Read license information

Description

A new AppConfiguration param for logging response body.

Target issue

#349

closes #349

Implementation Details

The response body is logged if param "httpLoggingResponseBodyContent" is true in jans-auth AppConfiguration.
(ConfDynamic)
If param not exist or is false, then response body is not logged.

Test and Document the changes

Static code analysis has been run locally and issues have been fixed
Relevant unit and integration tests have been added/updated
Relevant documentation has been updated if any (i.e. user guides, installation and configuration guides, technical design docs etc)

Closes #4418,

…dy content

…ent documentation

…configurated

mo-auto · 2023-03-31T21:00:00Z

Error: Hi @jmunozherbas, You did not reference an open issue in your PR. I attempted to create an issue for you.
Please update that issues' title and body and make sure I correctly referenced it in the above PRs body.

yuriyz

See inline comment

yuriyz · 2023-04-02T19:53:46Z

jans-auth-server/server/src/main/java/io/jans/as/server/audit/debug/ServletLoggingFilter.java

+        if (appConfiguration.getHttpLoggingResponseBodyContent()) {
+            httpResponse.setStatus(((ReadableResponseWrapper) responseWrapper).getStatus());
+            httpResponse.setHeaders(((ReadableResponseWrapper) responseWrapper).getHeaders());
+            httpResponse.setBody(((ReadableResponseWrapper) responseWrapper).readBodyValue());


@jmunozherbas would you please extensively test this change and confirm it works good ? Because this line sounds like we read from writer and close it. So down the chain filters will not be able to process it. As result it can cause not returing response out of the server. It's similar problem as reading input stream in request which can make it unavailable further.

See this https://stackoverflow.com/questions/10210645/http-servlet-request-lose-params-from-post-body-after-read-it-once

I have applied some changes.
I have tested with jans-auth-client heap of tests, and results are similar than before the change.
Clarification.- The changes and new flows just be applied if the parameter "httpLoggingResponseBodyContent" is enabled, if this parameter doesn´t exist or is false, then the flow is executed as usual.

The code to read body from response is based on next example:

search "Logging requests and responses" in next page:
https://spaces.at.internet2.edu/display/Grouper/Grouper+Web+Services

code repository:
https://github.com/Internet2/grouper/tree/master/grouper-ws/grouper-ws/src/grouper-ws/edu/internet2/middleware/grouper/ws/j2ee

maven repository of this code library:
https://mvnrepository.com/artifact/edu.internet2.middleware.grouper/grouper-ws/5.0.3

There is an example to read request body too, maybe could be implemented.
The log printting in just one line (request and response) could be implemented too, similar to the example code.

If all tests are passed with httpLoggingResponseBodyContent=true then I guess we are good to merge.

…onse

…nt param

sonarcloud · 2023-04-26T16:05:42Z

[Jans authentication server parent] SonarCloud Quality Gate failed.

1 Bug
0 Vulnerabilities
1 Security Hotspot
7 Code Smells

0.0% Coverage
0.0% Duplication

yuriyz · 2023-05-05T09:19:44Z

Lets correct sonar reports before merge.

…configurated

sonarcloud · 2023-05-07T08:23:13Z

[jans-cli] Kudos, SonarCloud Quality Gate passed!