From feebfe82faa7e711d7e2ab6c05935b9f09014a41 Mon Sep 17 00:00:00 2001
From: Dario Ghunney Ware
Date: Tue, 2 Dec 2025 12:34:17 +0000
Subject: [PATCH] Reduce JWT Logs (#5108)
Removed logging in some areas and changed level from `WARN` -> `DEBUG` to reduce verbosity
Closes #5089
---------
Signed-off-by: dependabot[bot]
Signed-off-by: stirlingbot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Ludy
Co-authored-by: EthanHealy01 <80844253+EthanHealy01@users.noreply.github.com>
Co-authored-by: Ethan
Co-authored-by: Anthony Stirling <77850077+Frooodle@users.noreply.github.com>
Co-authored-by: stirlingbot[bot] <195170888+stirlingbot[bot]@users.noreply.github.com>
---
 .../SPDF/controller/web/SignatureImageController.java | 6 +++---
 .../security/controller/api/AdminLicenseController.java | 7 ++++++-
 .../security/filter/JwtAuthenticationFilter.java | 6 +-----
 .../software/proprietary/security/service/JwtService.java | 6 +-----
 .../security/service/KeyPairCleanupService.java | 1 -
 5 files changed, 11 insertions(+), 15 deletions(-)
diff --git a/app/core/src/main/java/stirling/software/SPDF/controller/web/SignatureImageController.java b/app/core/src/main/java/stirling/software/SPDF/controller/web/SignatureImageController.java
index 90313af29..5d69d60c8 100644
--- a/app/core/src/main/java/stirling/software/SPDF/controller/web/SignatureImageController.java
+++ b/app/core/src/main/java/stirling/software/SPDF/controller/web/SignatureImageController.java
@@ -19,9 +19,9 @@ import stirling.software.common.service.UserServiceInterface; /** * Unified signature image controller that works for both authenticated and unauthenticated users. - * Uses composition pattern: - Core SharedSignatureService (always available): reads shared signatures - - * PersonalSignatureService (proprietary, optional): reads personal signatures For authenticated - * signature management (save/delete), see proprietary SignatureController. + * Uses composition pattern: - Core SharedSignatureService (always available): reads shared + * signatures - PersonalSignatureService (proprietary, optional): reads personal signatures For + * authenticated signature management (save/delete), see proprietary SignatureController. */ @Slf4j @RestController diff --git a/app/proprietary/src/main/java/stirling/software/proprietary/security/controller/api/AdminLicenseController.java b/app/proprietary/src/main/java/stirling/software/proprietary/security/controller/api/AdminLicenseController.java index c75b4d23f..018607e4d 100644 --- a/app/proprietary/src/main/java/stirling/software/proprietary/security/controller/api/AdminLicenseController.java +++ b/app/proprietary/src/main/java/stirling/software/proprietary/security/controller/api/AdminLicenseController.java @@ -283,7 +283,12 @@ public class AdminLicenseController { // Prevent path traversal and enforce single filename component if (filename.contains("..") || filename.contains("/") || filename.contains("\\")) { return ResponseEntity.badRequest() - .body(Map.of("success", false, "error", "Filename must not contain path separators or '..'")); + .body( + Map.of( + "success", + false, + "error", + "Filename must not contain path separators or '..'")); } // Validate file extension 
diff --git a/app/proprietary/src/main/java/stirling/software/proprietary/security/filter/JwtAuthenticationFilter.java b/app/proprietary/src/main/java/stirling/software/proprietary/security/filter/JwtAuthenticationFilter.java index ace7d3318..b481da51c 100644 --- a/app/proprietary/src/main/java/stirling/software/proprietary/security/filter/JwtAuthenticationFilter.java +++ b/app/proprietary/src/main/java/stirling/software/proprietary/security/filter/JwtAuthenticationFilter.java @@ -105,22 +105,18 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter { } try { - log.debug("Validating JWT token"); jwtService.validateToken(jwtToken); - log.debug("JWT token validated successfully"); } catch (AuthenticationFailureException e) { - log.warn("JWT validation failed: {}", e.getMessage()); + log.debug("JWT validation failed: {}", e.getMessage()); handleAuthenticationFailure(request, response, e); return; } Map claims = jwtService.extractClaims(jwtToken); String tokenUsername = claims.get("sub").toString(); - log.debug("JWT token username: {}", tokenUsername); try { authenticate(request, claims); - log.debug("Authentication successful for user: {}", tokenUsername); } catch (SQLException | UnsupportedProviderException e) { log.error("Error processing user authentication for user: {}", tokenUsername, e); handleAuthenticationFailure( diff --git a/app/proprietary/src/main/java/stirling/software/proprietary/security/service/JwtService.java b/app/proprietary/src/main/java/stirling/software/proprietary/security/service/JwtService.java index 061b063aa..60472fef4 100644 --- a/app/proprietary/src/main/java/stirling/software/proprietary/security/service/JwtService.java +++ b/app/proprietary/src/main/java/stirling/software/proprietary/security/service/JwtService.java 
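Review bot: Moving `JWT validation failed` from WARN to DEBUG in the `catch (AuthenticationFailureException e)` branch leaves rejected tokens unrecorded at default log levels, unless `handleAuthenticationFailure`, which is not visible in this hunk, records them itself. The same applies to the `Failed to extract key ID from token header` message in JwtService, and KeyPairCleanupService no longer logs that keys are being removed. Repeated invalid tokens and key deletions are events operators normally rely on for detection and audit, so consider replacing the per-request WARN with a counter or audit event, or record the decision in a comment such as `// DEBUG: expired tokens are routine; failures are reported through handleAuthenticationFailure` if that is accurate. Separately, `claims.get("sub").toString()` in the unchanged context throws a NullPointerException when a validated token carries no `sub` claim; a null check there would turn that into a clean authentication failure. The enclosing method starts and ends outside the hunk.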
@@ -50,7 +50,6 @@ public class JwtService implements JwtServiceInterface { KeyPersistenceServiceInterface keyPersistenceService) { this.v2Enabled = v2Enabled; this.keyPersistenceService = keyPersistenceService; - log.info("JwtService initialized"); } @Override @@ -256,11 +255,9 @@ public class JwtService implements JwtServiceInterface { String authHeader = request.getHeader("Authorization"); if (authHeader != null && authHeader.startsWith("Bearer ")) { String token = authHeader.substring(7); // Remove "Bearer " prefix - log.debug("JWT token extracted from Authorization header"); return token; } - log.debug("No JWT token found in Authorization header"); return null; } @@ -283,10 +280,9 @@ public class JwtService implements JwtServiceInterface { .parse(token) .getHeader() .get("kid"); - log.debug("Extracted key ID from token: {}", keyId); return keyId; } catch (Exception e) { - log.warn("Failed to extract key ID from token header: {}", e.getMessage()); + log.debug("Failed to extract key ID from token header: {}", e.getMessage()); return null; } } diff --git a/app/proprietary/src/main/java/stirling/software/proprietary/security/service/KeyPairCleanupService.java b/app/proprietary/src/main/java/stirling/software/proprietary/security/service/KeyPairCleanupService.java index b419f78fe..aec455a92 100644 --- a/app/proprietary/src/main/java/stirling/software/proprietary/security/service/KeyPairCleanupService.java +++ b/app/proprietary/src/main/java/stirling/software/proprietary/security/service/KeyPairCleanupService.java @@ -55,7 +55,6 @@ public class KeyPairCleanupService { return; } - log.info("Removing keys older than retention period"); removeKeys(eligibleKeys); keyPersistenceService.refreshActiveKeyPair(); }
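Review bot: The key-ID extraction hunk still catches `Exception` and returns `null` after logging only `e.getMessage()`, so a caller cannot tell a token with no `kid` from one whose header failed to parse, and an unexpected runtime error is now hidden at default log levels; narrowing the catch to the parser's own exception type would keep genuine faults visible. The `kid` is read through `.parse(token).getHeader().get("kid")`, and because the parser setup sits above the hunk it may be read before the signature is checked. A comment such as `// kid is attacker-controlled until the token is verified; use it only to select a verification key` would make that constraint explicit for the next maintainer. The method starts outside the hunk.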