From 2d6fe559850c232b9be02fe71c7d4b6ff97ac3eb Mon Sep 17 00:00:00 2001 From: Anthony Stirling <77850077+Frooodle@users.noreply.github.com.> Date: Fri, 29 Nov 2024 08:53:54 +0000 Subject: [PATCH] info to debug --- .../security/SecurityConfiguration.java | 59 ++++++------------- ...stomSaml2AuthenticationSuccessHandler.java | 26 ++++---- 2 files changed, 30 insertions(+), 55 deletions(-) diff --git a/src/main/java/stirling/software/SPDF/config/security/SecurityConfiguration.java b/src/main/java/stirling/software/SPDF/config/security/SecurityConfiguration.java index 30710c16..c28b967e 100644 --- a/src/main/java/stirling/software/SPDF/config/security/SecurityConfiguration.java +++ b/src/main/java/stirling/software/SPDF/config/security/SecurityConfiguration.java @@ -312,31 +312,6 @@ public class SecurityConfiguration { return http.build(); } - // @Bean - // public Saml2WebSsoAuthenticationRequestFilter saml2WebSsoAuthenticationRequestFilter( - // RelyingPartyRegistrationRepository relyingPartyRegistrationRepository) { - // OpenSaml4AuthenticationRequestResolver authenticationRequestResolver = - // new OpenSaml4AuthenticationRequestResolver(relyingPartyRegistrationRepository); - // - // Saml2WebSsoAuthenticationRequestFilter filter = - // new Saml2WebSsoAuthenticationRequestFilter( - // authenticationRequestResolver - // ); - // return filter; - // } - // - @Bean - @ConditionalOnProperty( - value = "security.saml2.enabled", - havingValue = "true", - matchIfMissing = false) - public AuthenticationProvider samlAuthenticationProvider() { - OpenSaml4AuthenticationProvider provider = new OpenSaml4AuthenticationProvider(); - provider.setResponseAuthenticationConverter( - new CustomSaml2ResponseAuthenticationConverter(userService)); - return provider; - } - @Bean @ConditionalOnProperty( value = "security.oauth2.enabled", 
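Review bot: Deleting the `samlAuthenticationProvider` bean also deletes the only visible place where `CustomSaml2ResponseAuthenticationConverter(userService)` is attached to SAML2 authentication; unless the converter is wired elsewhere (not in this hunk), `saml2Login()` falls back to Spring Security's default `OpenSaml4AuthenticationProvider`, whose principal is not a `CustomSaml2AuthenticatedPrincipal`. If that happens, `CustomSaml2AuthenticationSuccessHandler` (modified later in this patch) takes its `else` branch and delegates to the parent handler, silently skipping the login-attempt block, the `blockRegistration` check and the SSO-user checks. Please confirm the converter is still applied, e.g. `saml2.authenticationManager(new ProviderManager(provider))` in the filter chain, or keep this bean and drop only the commented-out `Saml2WebSsoAuthenticationRequestFilter` block.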
@@ -525,12 +500,12 @@ public class SecurityConfiguration { new OpenSaml4AuthenticationRequestResolver(relyingPartyRegistrationRepository); resolver.setAuthnRequestCustomizer( customizer -> { - log.info("Customizing SAML Authentication request"); + log.debug("Customizing SAML Authentication request"); AuthnRequest authnRequest = customizer.getAuthnRequest(); - log.info("AuthnRequest ID: {}", authnRequest.getID()); - log.info("AuthnRequest IssueInstant: {}", authnRequest.getIssueInstant()); - log.info( + log.debug("AuthnRequest ID: {}", authnRequest.getID()); + log.debug("AuthnRequest IssueInstant: {}", authnRequest.getIssueInstant()); + log.debug( "AuthnRequest Issuer: {}", authnRequest.getIssuer() != null ? authnRequest.getIssuer().getValue() 
@@ -539,42 +514,42 @@ public class SecurityConfiguration { HttpServletRequest request = customizer.getRequest(); // Log HTTP request details - log.info("HTTP Request Method: {}", request.getMethod()); - log.info("Request URI: {}", request.getRequestURI()); - log.info("Request URL: {}", request.getRequestURL().toString()); - log.info("Query String: {}", request.getQueryString()); - log.info("Remote Address: {}", request.getRemoteAddr()); + log.debug("HTTP Request Method: {}", request.getMethod()); + log.debug("Request URI: {}", request.getRequestURI()); + log.debug("Request URL: {}", request.getRequestURL().toString()); + log.debug("Query String: {}", request.getQueryString()); + log.debug("Remote Address: {}", request.getRemoteAddr()); // Log headers Collections.list(request.getHeaderNames()) .forEach( headerName -> { - log.info( + log.debug( "Header - {}: {}", headerName, request.getHeader(headerName)); }); // Log SAML specific parameters - log.info("SAML Request Parameters:"); - log.info("SAMLRequest: {}", request.getParameter("SAMLRequest")); - log.info("RelayState: {}", request.getParameter("RelayState")); + log.debug("SAML Request Parameters:"); + log.debug("SAMLRequest: {}", request.getParameter("SAMLRequest")); + log.debug("RelayState: {}", request.getParameter("RelayState")); - // Log session information if exists + // Log session debugrmation if exists if (request.getSession(false) != null) { - log.info("Session ID: {}", request.getSession().getId()); + log.debug("Session ID: {}", request.getSession().getId()); } // Log any assertions consumer service details if present if (authnRequest.getAssertionConsumerServiceURL() != null) { - log.info( + log.debug( "AssertionConsumerServiceURL: {}", authnRequest.getAssertionConsumerServiceURL()); } // Log NameID policy if present if (authnRequest.getNameIDPolicy() != null) { - log.info( + log.debug( "NameIDPolicy Format: {}", authnRequest.getNameIDPolicy().getFormat()); } 
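Review bot: Even after the downgrade to DEBUG, the header loop in this hunk writes every request header verbatim, which will include the `Cookie` header (and so the caller's session cookie) and any `Authorization` header when present, and the `Session ID: {}` line logs the session identifier itself; DEBUG is routinely switched on while troubleshooting SAML, so this remains credential material in log files (CWE-532). Redact credential-bearing headers and log only that a session exists rather than its id; `RelayState` and the raw `SAMLRequest` are user-influenced values that are presumably only needed at TRACE. The comment `// Log session debugrmation if exists` is a search-and-replace artifact of this commit and should read `// Log session information if exists`. The `setAuthnRequestCustomizer` lambda begins in the previous hunk and is closed outside this one.
```java
// Log headers, redacting the ones that carry credentials
Collections.list(request.getHeaderNames())
        .forEach(
                headerName -> {
                    boolean sensitive =
                            "cookie".equalsIgnoreCase(headerName)
                                    || "authorization".equalsIgnoreCase(headerName);
                    log.debug(
                            "Header - {}: {}",
                            headerName,
                            sensitive ? "<redacted>" : request.getHeader(headerName));
                });

// … unchanged: SAML request parameter logging …

// Log only whether a session exists; the id is a bearer credential
if (request.getSession(false) != null) {
    log.debug("Existing session present");
}
```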
diff --git a/src/main/java/stirling/software/SPDF/config/security/saml2/CustomSaml2AuthenticationSuccessHandler.java b/src/main/java/stirling/software/SPDF/config/security/saml2/CustomSaml2AuthenticationSuccessHandler.java index e0030581..faa5e67e 100644 --- a/src/main/java/stirling/software/SPDF/config/security/saml2/CustomSaml2AuthenticationSuccessHandler.java +++ b/src/main/java/stirling/software/SPDF/config/security/saml2/CustomSaml2AuthenticationSuccessHandler.java @@ -35,11 +35,11 @@ public class CustomSaml2AuthenticationSuccessHandler throws ServletException, IOException { Object principal = authentication.getPrincipal(); - log.info("Starting SAML2 authentication success handling"); + log.debug("Starting SAML2 authentication success handling"); if (principal instanceof CustomSaml2AuthenticatedPrincipal) { String username = ((CustomSaml2AuthenticatedPrincipal) principal).getName(); - log.info("Authenticated principal found for user: {}", username); + log.debug("Authenticated principal found for user: {}", username); HttpSession session = request.getSession(false); String contextPath = request.getContextPath(); @@ -48,7 +48,7 @@ public class CustomSaml2AuthenticationSuccessHandler ? (SavedRequest) session.getAttribute("SPRING_SECURITY_SAVED_REQUEST") : null; - log.info( + log.debug( "Session exists: {}, Saved request exists: {}", session != null, savedRequest != null); 
@@ -56,18 +56,18 @@ public class CustomSaml2AuthenticationSuccessHandler if (savedRequest != null && !RequestUriUtils.isStaticResource( contextPath, savedRequest.getRedirectUrl())) { - log.info( + log.debug( "Valid saved request found, redirecting to original destination: {}", savedRequest.getRedirectUrl()); super.onAuthenticationSuccess(request, response, authentication); } else { SAML2 saml2 = applicationProperties.getSecurity().getSaml2(); - log.info( + log.debug( "Processing SAML2 authentication with autoCreateUser: {}", saml2.getAutoCreateUser()); if (loginAttemptService.isBlocked(username)) { - log.info("User {} is blocked due to too many login attempts", username); + log.debug("User {} is blocked due to too many login attempts", username); if (session != null) { session.removeAttribute("SPRING_SECURITY_SAVED_REQUEST"); } @@ -82,14 +82,14 @@ public class CustomSaml2AuthenticationSuccessHandler && userService.isAuthenticationTypeByUsername( username, AuthenticationType.SSO); - log.info( + log.debug( "User status - Exists: {}, Has password: {}, Is SSO user: {}", userExists, hasPassword, isSSOUser); if (userExists && hasPassword && !isSSOUser && saml2.getAutoCreateUser()) { - log.info( + log.debug( "User {} exists with password but is not SSO user, redirecting to logout", username); response.sendRedirect( 
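Review bot: `log.debug("User {} is blocked due to too many login attempts", username);` in the first hunk turns an account-lockout event into DEBUG output, so at the default INFO level a brute-force lockout on the SSO path leaves no trace; lockouts are exactly the event detection and incident response depend on and belong at WARN, e.g. `log.warn("SAML2 login rejected: user {} is blocked after too many failed attempts", username);`. The redirect-to-logout branch in the second hunk (`User {} exists with password but is not SSO user`) is likewise a policy rejection rather than a debugging detail and deserves at least INFO. Both `if` blocks continue past the hunk boundary, where the `sendRedirect(` call is cut off.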
@@ -99,18 +99,18 @@ public class CustomSaml2AuthenticationSuccessHandler try { if (saml2.getBlockRegistration() && !userExists) { - log.info("Registration blocked for new user: {}", username); + log.debug("Registration blocked for new user: {}", username); response.sendRedirect( contextPath + "/login?erroroauth=oauth2_admin_blocked_user"); return; } - log.info("Processing SSO post-login for user: {}", username); + log.debug("Processing SSO post-login for user: {}", username); userService.processSSOPostLogin(username, saml2.getAutoCreateUser()); - log.info("Successfully processed authentication for user: {}", username); + log.debug("Successfully processed authentication for user: {}", username); response.sendRedirect(contextPath + "/"); return; } catch (IllegalArgumentException e) { - log.info( + log.debug( "Invalid username detected for user: {}, redirecting to logout", username); response.sendRedirect(contextPath + "/logout?invalidUsername=true"); @@ -118,7 +118,7 @@ public class CustomSaml2AuthenticationSuccessHandler } } } else { - log.info("Non-SAML2 principal detected, delegating to parent handler"); + log.debug("Non-SAML2 principal detected, delegating to parent handler"); super.onAuthenticationSuccess(request, response, authentication); } }
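Review bot: The audit-relevant lines in the first hunk — `Registration blocked for new user: {}`, `Successfully processed authentication for user: {}` and the `IllegalArgumentException` path — are now all DEBUG, so a deployment logging at INFO keeps no record of who authenticated through SAML2 or which registrations were refused. Keep the successful-login line at INFO and the refusals at WARN, and pass the exception to the logger in the catch block so the cause is not lost: `log.warn("Invalid username detected for user: {}, redirecting to logout", username, e);`. The `try` opens in this hunk and the enclosing method starts outside SOURCE; the second hunk shows only the method's closing `else` branch.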