Additional logging.

rfc3092 · rfc3092 · commit de36bbebc3e0 · 2025-02-26T22:10:12.000+01:00
diff --git a/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/action/GetAuthenticatedResourceServerType.java b/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/action/GetAuthenticatedResourceServerType.java
@@ -22,21 +22,17 @@ public class GetAuthenticatedResourceServerType extends JwtResolver implements C
     private Optional<ResourceServerType> getResourceTypeFrom(JwtAuthenticationToken token) {
         return resourceServerProperties
                 .stream()
-                .filter(properties -> {
-                    if (token == null) {
-                        log.warn("Token is null");
-                    } else if (token.getToken() == null) {
-                        log.warn("Token.getToken() is null");
-                    } else if (token.getToken().getIssuer() == null) {
-                        log.warn("Token.getToken().getIssuer() is null");
-                    }
-                    return Optional
-                            .ofNullable(token)
-                            .map(JwtAuthenticationToken::getToken)
-                            .map(JwtClaimAccessor::getIssuer)
-                            .map(issuerFromToken -> issuerFromToken.toString().equalsIgnoreCase(properties.getIssuerUri()))
-                            .orElse(false);
-                })
+                .filter(properties ->
+                        Optional
+                                .ofNullable(token)
+                                .map(JwtAuthenticationToken::getToken)
+                                .map(JwtClaimAccessor::getIssuer)
+                                .map(issuerFromToken -> {
+                                    var issuer = issuerFromToken.toString().equalsIgnoreCase(properties.getIssuerUri());
+                                    log.info("issuerFromToken: {}, properties.getIssuerUri(): {}, issuer: {}", issuerFromToken, properties.getIssuerUri(), issuer);
+                                    return issuer;
+                                })
+                                .orElse(false))
                 .findFirst()
                 .map(ResourceServerProperties::getType);
     }
diff --git a/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/action/JwtResolver.java b/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/action/JwtResolver.java
@@ -14,15 +14,14 @@ Mono<Authentication> getJwtAuthenticationToken() {
                 .getContext()
                 .switchIfEmpty(Mono.error(new EmptyReactiveSecurityContextException()))
                 .doOnNext(context -> log.info("JwtResolver context.authentication {} {}", context.getAuthentication().getClass().getCanonicalName(), context.getAuthentication()))
-                .map(SecurityContext::getAuthentication);
+                .map(SecurityContext::getAuthentication)
+                .doOnNext(authentication -> log.info("JwtResolver authentication {} {}", authentication.getClass().getCanonicalName(), authentication));
     }
 
     static class EmptyReactiveSecurityContextException extends IllegalStateException {
-
         EmptyReactiveSecurityContextException() {
             super();
         }
-
     }
 
 }
diff --git a/libs/servlet-security/src/main/java/no/nav/testnav/libs/servletsecurity/jwt/MultipleIssuersJwtDecoder.java b/libs/servlet-security/src/main/java/no/nav/testnav/libs/servletsecurity/jwt/MultipleIssuersJwtDecoder.java
@@ -65,7 +65,7 @@ private static OAuth2TokenValidator<Jwt> customAudienceValidator(ResourceServerP
                     .stream()
                     .anyMatch(audience -> properties.getAcceptedAudience().contains(audience));
             if (!valid) {
-                log.error("Fant ikke påkrevd audience {} i tokenet, bare {}", properties.getAcceptedAudience(), token.getAudience());
+                log.warn("Fant ikke påkrevd audience {} i tokenet, bare {}", properties.getAcceptedAudience(), token.getAudience());
             }
             return OAuth2TokenValidatorResult.success();
         };
diff --git a/libs/servlet-security/src/main/java/no/nav/testnav/libs/servletsecurity/jwt/SecureOAuth2ServerToServerAutoConfiguration.java b/libs/servlet-security/src/main/java/no/nav/testnav/libs/servletsecurity/jwt/SecureOAuth2ServerToServerAutoConfiguration.java
@@ -36,7 +36,7 @@ public class SecureOAuth2ServerToServerAutoConfiguration {
     @Bean
     @Profile("!test")
     @ConditionalOnMissingBean
-    JwtDecoder jwtDecoder(List<ResourceServerProperties> properties) {
+    MultipleIssuersJwtDecoder jwtDecoder(List<ResourceServerProperties> properties) {
         return new MultipleIssuersJwtDecoder(properties);
     }
 

Original file line number	Diff line number	Diff line change
`@@ -14,15 +14,14 @@ Mono<Authentication> getJwtAuthenticationToken() {`
`14`	`14`	`.getContext()`
`15`	`15`	`.switchIfEmpty(Mono.error(new EmptyReactiveSecurityContextException()))`
`16`	`16`	`.doOnNext(context -> log.info("JwtResolver context.authentication {} {}", context.getAuthentication().getClass().getCanonicalName(), context.getAuthentication()))`
`17`		`- .map(SecurityContext::getAuthentication);`
	`17`	`+ .map(SecurityContext::getAuthentication)`
	`18`	`+ .doOnNext(authentication -> log.info("JwtResolver authentication {} {}", authentication.getClass().getCanonicalName(), authentication));`
`18`	`19`	`}`
`19`	`20`
`20`	`21`	`static class EmptyReactiveSecurityContextException extends IllegalStateException {`
`21`		`-`
`22`	`22`	`EmptyReactiveSecurityContextException() {`
`23`	`23`	`super();`
`24`	`24`	`}`
`25`		`-`
`26`	`25`	`}`
`27`	`26`
`28`	`27`	`}`
Original file line number	Diff line number	Diff line change
`@@ -65,7 +65,7 @@ private static OAuth2TokenValidator<Jwt> customAudienceValidator(ResourceServerP`
`65`	`65`	`.stream()`
`66`	`66`	`.anyMatch(audience -> properties.getAcceptedAudience().contains(audience));`
`67`	`67`	`if (!valid) {`
`68`		`- log.error("Fant ikke påkrevd audience {} i tokenet, bare {}", properties.getAcceptedAudience(), token.getAudience());`
	`68`	`+ log.warn("Fant ikke påkrevd audience {} i tokenet, bare {}", properties.getAcceptedAudience(), token.getAudience());`
`69`	`69`	`}`
`70`	`70`	`return OAuth2TokenValidatorResult.success();`
`71`	`71`	`};`
Original file line number	Diff line number	Diff line change
`@@ -36,7 +36,7 @@ public class SecureOAuth2ServerToServerAutoConfiguration {`
`36`	`36`	`@Bean`
`37`	`37`	`@Profile("!test")`
`38`	`38`	`@ConditionalOnMissingBean`
`39`		`- JwtDecoder jwtDecoder(List<ResourceServerProperties> properties) {`
	`39`	`+ MultipleIssuersJwtDecoder jwtDecoder(List<ResourceServerProperties> properties) {`
`40`	`40`	`return new MultipleIssuersJwtDecoder(properties);`
`41`	`41`	`}`
`42`	`42`