diff --git a/auth/src/main/java/com/redhat/lightblue/rest/auth/jboss/CertLdapLoginModule.java b/auth/src/main/java/com/redhat/lightblue/rest/auth/jboss/CertLdapLoginModule.java index c5cfad52..627bb9e1 100644 --- a/auth/src/main/java/com/redhat/lightblue/rest/auth/jboss/CertLdapLoginModule.java +++ b/auth/src/main/java/com/redhat/lightblue/rest/auth/jboss/CertLdapLoginModule.java @@ -62,7 +62,8 @@ public class CertLdapLoginModule extends CertRolesLoginModule { @Override public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) { - addValidOptions(ALL_VALID_OPTIONS); + LOGGER.debug("CertLdapLoginModule#initialize was invoked"); + addValidOptions(ALL_VALID_OPTIONS); super.initialize(subject, callbackHandler, sharedState, options); } diff --git a/auth/src/main/java/com/redhat/lightblue/rest/auth/ldap/LDAPCache.java b/auth/src/main/java/com/redhat/lightblue/rest/auth/ldap/LDAPCache.java index 9dae71d6..55167fda 100644 --- a/auth/src/main/java/com/redhat/lightblue/rest/auth/ldap/LDAPCache.java +++ b/auth/src/main/java/com/redhat/lightblue/rest/auth/ldap/LDAPCache.java @@ -38,6 +38,7 @@ public void onRemoval(@ParametersAreNonnullByDefault RemovalNotification notific } } ).build(); + LOGGER.debug("LDAPCache: ldapCacheSession was created on a static block"); userRolesCacheSession = CacheBuilder.newBuilder() .concurrencyLevel(10) // handle 10 concurrent request without a problem 
@@ -54,17 +55,21 @@ public void onRemoval(@ParametersAreNonnullByDefault RemovalNotification notific } } ).build(); + LOGGER.debug("LDAPCache: userRolesCacheSession was created on a static block"); } public static Cache getLDAPCacheSession() { + LOGGER.debug("LDAPCache#getLDAPCacheSession"); return ldapCacheSession; } public static Cache> getUserRolesCacheSession() { + LOGGER.debug("LDAPCache#getUserRolesCacheSession"); return userRolesCacheSession; } public static void invalidateKey(LDAPCacheKey key) { + LOGGER.debug("LDAPCache#invalidateKey was invoked"); ldapCacheSession.invalidate(key); userRolesCacheSession.invalidate(key); } diff --git a/auth/src/main/java/com/redhat/lightblue/rest/auth/ldap/LDAPSearcher.java b/auth/src/main/java/com/redhat/lightblue/rest/auth/ldap/LDAPSearcher.java index 88209040..20f4fd81 100644 --- a/auth/src/main/java/com/redhat/lightblue/rest/auth/ldap/LDAPSearcher.java +++ b/auth/src/main/java/com/redhat/lightblue/rest/auth/ldap/LDAPSearcher.java @@ -14,6 +14,8 @@ public class LDAPSearcher { private static final Logger LOGGER = Logger.getLogger(LDAPSearcher.class); public static SearchResult searchLDAPServer(LDAPCacheKey ldapCacheKey) throws NamingException, LDAPUserNotFoundException, LDAPMultipleUserFoundException { + LOGGER.debug("LDAPSearcher#searchLDAPServer was invoked and it will call the remote LDAP server"); + // Extension a: returns an exception as the LDAP server is down (eg.: this can be meaningful to use the cache ) NamingEnumeration results = ldapCacheKey.ldapContext.search(ldapCacheKey.ldapSearchBase, ldapCacheKey.searchFilter, ldapCacheKey.searchControls); SearchResult searchResult = null; 
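Review bot: The debug line added to `invalidateKey` does not say which entry was evicted, so the eviction of a user's cached LDAP record and roles cannot be tied to an identity when reading the log. `LDAPCacheKey` has a `uid` field (read as `cacheKey.uid` in LdapFindUserByUidCommand), so `LOGGER.debug("LDAPCache#invalidateKey uid=" + key.uid);` would make the line usable; strip CR/LF from the value first if it can originate from a client. The two getter logs fire on every cache access and add volume without information, so I would drop them.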
@@ -29,9 +31,11 @@ public static SearchResult searchLDAPServer(LDAPCacheKey ldapCacheKey) throws Na } // Basic flow: returns the unique entry from LDAP server + LOGGER.debug("LDAPSearcher#searchLDAPServer could retrieve the values from the remote LDAP Server"); return searchResult; } else { // Extension c: returns an exception to notify that the user was not found (eg.: this can be meaningful to evict the key ) + LOGGER.debug("LDAPSearcher#searchLDAPServer could NOT retrieve the user from the remote LDAP Server"); throw new LDAPUserNotFoundException(); } } diff --git a/auth/src/main/java/com/redhat/lightblue/rest/auth/ldap/LdapFindUserByUidCommand.java b/auth/src/main/java/com/redhat/lightblue/rest/auth/ldap/LdapFindUserByUidCommand.java index eb454533..f622fb1f 100644 --- a/auth/src/main/java/com/redhat/lightblue/rest/auth/ldap/LdapFindUserByUidCommand.java +++ b/auth/src/main/java/com/redhat/lightblue/rest/auth/ldap/LdapFindUserByUidCommand.java @@ -23,6 +23,7 @@ public class LdapFindUserByUidCommand extends HystrixCommand { private static final Logger LOGGER = Logger.getLogger(LightblueLdapRoleProvider.class); static { + LOGGER.debug("Invoking ServoGraphiteSetup#initialize on a static block"); ServoGraphiteSetup.initialize(); } 
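Review bot: The `LOGGER` used by the new static-block line is created with `Logger.getLogger(LightblueLdapRoleProvider.class)` (the context line just above it), so every message this commit adds in LdapFindUserByUidCommand and its nested fallback command is recorded under the LightblueLdapRoleProvider category. Per-class level settings and log filters for the LDAP lookup path will therefore not match these lines. Change the declaration to `Logger.getLogger(LdapFindUserByUidCommand.class)`.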
@@ -31,22 +32,26 @@ public class LdapFindUserByUidCommand extends HystrixCommand { public LdapFindUserByUidCommand(LdapContext ldapContext, String ldapSearchBase, String uid) { super(HystrixCommand.Setter.withGroupKey(HystrixCommandGroupKey.Factory.asKey(GROUPKEY)). andCommandKey(HystrixCommandKey.Factory.asKey(GROUPKEY + ":" + LdapFindUserByUidCommand.class.getSimpleName()))); + LOGGER.debug("Creating LdapFindUserByUidCommand"); //check if the informed parameters are valid if (Strings.isNullOrEmpty(uid)) { + LOGGER.error("uid informed in LdapFindUserByUidCommand constructor is empty or null"); throw new IllegalArgumentException(String.format(INVALID_PARAM, "uid")); } else if (Strings.isNullOrEmpty(ldapSearchBase)) { + LOGGER.error("ldapSearchBase informed in LdapFindUserByUidCommand constructor is empty or null"); throw new IllegalArgumentException(String.format(INVALID_PARAM, "ldapSearchBase")); } else if (ldapContext == null) { + LOGGER.error("ldapContext informed in LdapFindUserByUidCommand constructor is null"); throw new IllegalArgumentException(String.format(INVALID_PARAM, "ldapContext")); } - this.cacheKey = new LDAPCacheKey(uid, ldapContext, ldapSearchBase, "(uid=" + uid + ")", SearchControls.SUBTREE_SCOPE); } @Override protected SearchResult run() throws Exception { - SearchResult searchResult = null; + LOGGER.debug("LdapFindUserByUidCommand#run was invoked"); + SearchResult searchResult = null; try { searchResult = LDAPSearcher.searchLDAPServer(cacheKey); } catch (NamingException e) { @@ -57,7 +62,7 @@ protected SearchResult run() throws Exception { // Return null in case the User not found or multiple Users were found (which is inconsistent) if (e instanceof LDAPUserNotFoundException) - LOGGER.info("No result found roles for user: " + cacheKey.uid, e); + LOGGER.error("No result found roles for user: " + cacheKey.uid, e); else { LOGGER.error("Multiples users found and only one was expected for user: " + cacheKey.uid, e); } 
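Review bot: The constructor checks `uid` only for null or empty and then builds the search filter by concatenation, `"(uid=" + uid + ")"`, so filter metacharacters in the value (`*`, `(`, `)`, `\`, NUL) change the query that LDAPSearcher sends. The same pattern appears in `getUserRolesFromCache` in LightblueLdapRoleProvider. Where `uid` originates is not visible in this diff, so it should be treated as untrusted until confirmed. Escape the value per RFC 4515 before building the filter, or keep the filter as `(uid={0})` and pass the uid through the `search` overload that takes `filterArgs`. The three new `LOGGER.error` lines repeat what the `IllegalArgumentException` thrown on the following line already reports and can be dropped.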
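Review bot: Raising the user-not-found message to `error` means every lookup of an unknown uid now writes an error entry with a stack trace, so ordinary request traffic can drive error-level volume and alerting. The uid is also concatenated into the message unmodified, and a value containing line breaks would produce forged log lines. I would keep this at `warn`, omit the throwable for the not-found case, and neutralise control characters: `LOGGER.warn("No LDAP entry found for user: " + cacheKey.uid.replaceAll("[\\r\\n]", "_"));`. The `if` branch has no braces while its `else` does; brace both. The enclosing catch block starts outside this hunk.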
@@ -68,6 +73,7 @@ protected SearchResult run() throws Exception { LDAPCache.invalidateKey(cacheKey); } } + LOGGER.debug("LdapFindUserByUidCommand#run : user found! Adding it to the cache"); LDAPCache.getLDAPCacheSession().put(cacheKey, searchResult); return searchResult; @@ -78,7 +84,7 @@ This methods is executed for all types of failure such as run() failure, timeout */ @Override protected SearchResult getFallback() { - LOGGER.info("Error during the execution of the command. Falling back to the cache"); + LOGGER.warn("Error during the execution of the command. Falling back to the cache"); return new FallbackViaLDAPServerProblemCommand(cacheKey, getFailedExecutionException()).execute(); } @@ -96,12 +102,14 @@ private static class FallbackViaLDAPServerProblemCommand extends HystrixCommand< public FallbackViaLDAPServerProblemCommand(LDAPCacheKey cacheKey, Throwable failedExecutionThrowable) { super(HystrixCommand.Setter.withGroupKey(HystrixCommandGroupKey.Factory.asKey(GROUPKEY)). andCommandKey(HystrixCommandKey.Factory.asKey(GROUPKEY + ":" + FallbackViaLDAPServerProblemCommand.class.getSimpleName()))); + LOGGER.debug("FallbackViaLDAPServerProblemCommand constructor"); this.cacheKey = cacheKey; this.failedExecutionThrowable = failedExecutionThrowable; } @Override protected SearchResult run() throws Exception { + LOGGER.debug("FallbackViaLDAPServerProblemCommand#run was invoked and the following Exception caused the fallback", failedExecutionThrowable); SearchResult searchResult = LDAPCache.getLDAPCacheSession().getIfPresent(cacheKey); if (searchResult == null) { CachedLDAPUserNotFoundException e = new CachedLDAPUserNotFoundException(); @@ -109,6 +117,7 @@ protected SearchResult run() throws Exception { throw e; } // was able to use the cache or use the LDAP server on the second retry + LOGGER.debug("FallbackViaLDAPServerProblemCommand#run : user found!"); return searchResult; } 
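Review bot: The warning in `getFallback` names neither the user nor the failure, so during an LDAP outage the log cannot show which identities were resolved from cached data or why. The cause is logged only at `debug` inside `FallbackViaLDAPServerProblemCommand#run`. Suggest `LOGGER.warn("LDAP lookup failed for user " + cacheKey.uid + ", falling back to the cache", getFailedExecutionException());`, with CR/LF stripped from the uid. The `user found!` debug line in the fallback's `run` should likewise state that the entry was served from the cache, since the result may be stale.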
diff --git a/auth/src/main/java/com/redhat/lightblue/rest/auth/ldap/LightblueLdapRoleProvider.java b/auth/src/main/java/com/redhat/lightblue/rest/auth/ldap/LightblueLdapRoleProvider.java index 5e38df95..dc08d0d5 100644 --- a/auth/src/main/java/com/redhat/lightblue/rest/auth/ldap/LightblueLdapRoleProvider.java +++ b/auth/src/main/java/com/redhat/lightblue/rest/auth/ldap/LightblueLdapRoleProvider.java @@ -43,6 +43,7 @@ public class LightblueLdapRoleProvider implements LightblueRoleProvider { String ldapSearchBase; public LightblueLdapRoleProvider(String server, String searchBase, String bindDn, String bindDNPwd) throws NamingException { + LOGGER.debug("Creating LightblueLdapRoleProvider"); Hashtable env = new Hashtable<>(); env.put(Context.SECURITY_AUTHENTICATION, "simple"); if (bindDn != null) { @@ -54,13 +55,14 @@ public LightblueLdapRoleProvider(String server, String searchBase, String bindDn env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory"); env.put(Context.PROVIDER_URL, server); ldapSearchBase = searchBase; + LOGGER.debug("Creating InitialLdapContext "); ldapContext = new InitialLdapContext(env, null); } @Override public List getUserRoles(String userName) { + LOGGER.debug("Invoking LightblueLdapRoleProvider#getUserRoles"); List userRoles = new ArrayList<>(); - try { userRoles.addAll(getUserRolesFromCache(userName)); @@ -74,6 +76,7 @@ public List getUserRoles(String userName) { LOGGER.error("Naming problem with LDAP for user: " + userName, ne); } catch (HystrixRuntimeException ce) { // Not found in cache, returns an empty list + LOGGER.error("Not found in cache, returns an empty list " + userName, ce); } return userRoles; 
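Review bot: The `Creating InitialLdapContext ` debug line carries no connection detail, which is what someone diagnosing a bind failure needs. `LOGGER.debug("Creating InitialLdapContext for " + server + " as " + bindDn);` would do, and `bindDNPwd` must stay out of every log line. The constructor sets `Context.SECURITY_AUTHENTICATION` to `simple` (visible in the previous hunk), so the bind password is sent unprotected unless `server` is an `ldaps://` URL or TLS is configured elsewhere; neither is visible here and it is worth confirming.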
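Review bot: The new `LOGGER.error` in the `HystrixRuntimeException` catch says `Not found in cache`, but that exception is presumably raised for any failed command whose fallback also fails (timeout, rejected execution, open circuit), so the message can misreport the cause and only the attached `ce` is reliable. The text also runs straight into the user name with no separator and embeds it unmodified. Suggest `LOGGER.error("LDAP role lookup failed, returning no roles for user: " + userName, ce);` with CR/LF removed from `userName`. Returning the empty list here fails closed, which is the right default and deserves a comment saying so. `getUserRoles` starts before this hunk.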
@@ -81,25 +84,30 @@ public List getUserRoles(String userName) { @Override public Collection getUsersInGroup(String groupName) { + LOGGER.error("Invoking LightblueLdapRoleProvider#getUsersInGroup (not supported))"); throw new UnsupportedOperationException("Not yet implemented"); } @Override public void flushRoleCache(String roleName) { + LOGGER.error("Invoking LightblueLdapRoleProvider#flushRoleCache (not supported))"); throw new UnsupportedOperationException("Not yet implemented"); } @Override public void flushUserCache(String userName) { + LOGGER.error("Invoking LightblueLdapRoleProvider#flushUserCache (not supported))"); throw new UnsupportedOperationException("Not yet implemented"); } private List getUserRolesFromCache(String userName) { + LOGGER.debug("Invoking LightblueLdapRoleProvider#getUserRolesFromCache"); LDAPCacheKey cacheKey = new LDAPCacheKey(userName, ldapContext, ldapSearchBase, "(uid=" + userName + ")", SearchControls.SUBTREE_SCOPE); return LDAPCache.getUserRolesCacheSession().getIfPresent(cacheKey); } private List getUserRolesFromLdap(SearchResult ldapUser) throws NamingException { + LOGGER.debug("Invoking LightblueLdapRoleProvider#getUserRolesFromLdap"); List groups = new ArrayList<>(); //if no user found it should return an empty list (I think)
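Review bot: The three `LOGGER.error` lines in `getUsersInGroup`, `flushRoleCache` and `flushUserCache` log immediately before throwing `UnsupportedOperationException`, so each call is reported twice once the caller logs the exception, and at a level that suggests a fault rather than an unimplemented method. Either drop them or lower them to `debug`, and remove the stray `))` from the messages, e.g. `LOGGER.debug("LightblueLdapRoleProvider#getUsersInGroup is not supported");`. The body of `getUserRolesFromLdap` continues outside this hunk.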