Reduce JWT Logs (#5108)

Removed logging in some areas and changed level from `WARN` -> `DEBUG`
to reduce verbosity

Closes #5089

---------

Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: stirlingbot[bot] <stirlingbot[bot]@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Ludy <[email protected]>
Co-authored-by: EthanHealy01 <[email protected]>
Co-authored-by: Ethan <[email protected]>
Co-authored-by: Anthony Stirling <[email protected]>
Co-authored-by: stirlingbot[bot] <195170888+stirlingbot[bot]@users.noreply.github.com>
This commit is contained in:
Dario Ghunney Ware
2025-12-02 12:34:17 +00:00
committed by GitHub
co-authored by dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Ludy EthanHealy01 Ethan Anthony Stirling stirlingbot[bot] <195170888+stirlingbot[bot]@users.noreply.github.com>
parent 1e72416d55
commit feebfe82fa
5 changed files with 11 additions and 15 deletions
@@ -19,9 +19,9 @@ import stirling.software.common.service.UserServiceInterface;
/** /**
* Unified signature image controller that works for both authenticated and unauthenticated users. * Unified signature image controller that works for both authenticated and unauthenticated users.
* Uses composition pattern: - Core SharedSignatureService (always available): reads shared signatures - * Uses composition pattern: - Core SharedSignatureService (always available): reads shared
* PersonalSignatureService (proprietary, optional): reads personal signatures For authenticated * signatures - PersonalSignatureService (proprietary, optional): reads personal signatures For
* signature management (save/delete), see proprietary SignatureController. * authenticated signature management (save/delete), see proprietary SignatureController.
*/ */
@Slf4j @Slf4j
@RestController @RestController
@@ -283,7 +283,12 @@ public class AdminLicenseController {
// Prevent path traversal and enforce single filename component // Prevent path traversal and enforce single filename component
if (filename.contains("..") || filename.contains("/") || filename.contains("\\")) { if (filename.contains("..") || filename.contains("/") || filename.contains("\\")) {
return ResponseEntity.badRequest() return ResponseEntity.badRequest()
.body(Map.of("success", false, "error", "Filename must not contain path separators or '..'")); .body(
Map.of(
"success",
false,
"error",
"Filename must not contain path separators or '..'"));
} }
// Validate file extension // Validate file extension
@@ -105,22 +105,18 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
} }
try { try {
log.debug("Validating JWT token");
jwtService.validateToken(jwtToken); jwtService.validateToken(jwtToken);
log.debug("JWT token validated successfully");
} catch (AuthenticationFailureException e) { } catch (AuthenticationFailureException e) {
log.warn("JWT validation failed: {}", e.getMessage()); log.debug("JWT validation failed: {}", e.getMessage());
handleAuthenticationFailure(request, response, e); handleAuthenticationFailure(request, response, e);
return; return;
} }
Map<String, Object> claims = jwtService.extractClaims(jwtToken); Map<String, Object> claims = jwtService.extractClaims(jwtToken);
String tokenUsername = claims.get("sub").toString(); String tokenUsername = claims.get("sub").toString();
log.debug("JWT token username: {}", tokenUsername);
try { try {
authenticate(request, claims); authenticate(request, claims);
log.debug("Authentication successful for user: {}", tokenUsername);
} catch (SQLException | UnsupportedProviderException e) { } catch (SQLException | UnsupportedProviderException e) {
log.error("Error processing user authentication for user: {}", tokenUsername, e); log.error("Error processing user authentication for user: {}", tokenUsername, e);
handleAuthenticationFailure( handleAuthenticationFailure(
@@ -50,7 +50,6 @@ public class JwtService implements JwtServiceInterface {
KeyPersistenceServiceInterface keyPersistenceService) { KeyPersistenceServiceInterface keyPersistenceService) {
this.v2Enabled = v2Enabled; this.v2Enabled = v2Enabled;
this.keyPersistenceService = keyPersistenceService; this.keyPersistenceService = keyPersistenceService;
log.info("JwtService initialized");
} }
@Override @Override
@@ -256,11 +255,9 @@ public class JwtService implements JwtServiceInterface {
String authHeader = request.getHeader("Authorization"); String authHeader = request.getHeader("Authorization");
if (authHeader != null && authHeader.startsWith("Bearer ")) { if (authHeader != null && authHeader.startsWith("Bearer ")) {
String token = authHeader.substring(7); // Remove "Bearer " prefix String token = authHeader.substring(7); // Remove "Bearer " prefix
log.debug("JWT token extracted from Authorization header");
return token; return token;
} }
log.debug("No JWT token found in Authorization header");
return null; return null;
} }
@@ -283,10 +280,9 @@ public class JwtService implements JwtServiceInterface {
.parse(token) .parse(token)
.getHeader() .getHeader()
.get("kid"); .get("kid");
log.debug("Extracted key ID from token: {}", keyId);
return keyId; return keyId;
} catch (Exception e) { } catch (Exception e) {
log.warn("Failed to extract key ID from token header: {}", e.getMessage()); log.debug("Failed to extract key ID from token header: {}", e.getMessage());
return null; return null;
} }
} }
@@ -55,7 +55,6 @@ public class KeyPairCleanupService {
return; return;
} }
log.info("Removing keys older than retention period");
removeKeys(eligibleKeys); removeKeys(eligibleKeys);
keyPersistenceService.refreshActiveKeyPair(); keyPersistenceService.refreshActiveKeyPair();
} }