
Commit 21f0ccd

jzheauxjgrandja
authored andcommitted
Restructure SwitchUserFilter Logs
Issue gh-6311
1 parent b1588c3 commit 21f0ccd


1 file changed

+18
-25
lines changed


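--- a/web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilter.java
@@ -34,6 +34,7 @@
 import org.springframework.context.MessageSource;
 import org.springframework.context.MessageSourceAware;
 import org.springframework.context.support.MessageSourceAccessor;
+import org.springframework.core.log.LogMessage;
 import org.springframework.security.authentication.AccountExpiredException;
 import org.springframework.security.authentication.AccountStatusUserDetailsChecker;
 import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
@@ -46,6 +47,7 @@
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.SpringSecurityMessageSource;
+import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsChecker;
@@ -171,8 +173,10 @@ public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
 Authentication targetUser = attemptSwitchUser(request);
 
 // update the current context to the new target user
-SecurityContextHolder.getContext().setAuthentication(targetUser);
-
+SecurityContext context = SecurityContextHolder.createEmptyContext();
+context.setAuthentication(targetUser);
+SecurityContextHolder.setContext(context);
+this.logger.debug(LogMessage.format("Set SecurityContextHolder to %s", targetUser));
 // redirect to target url
 this.successHandler.onAuthenticationSuccess(request, response,
 targetUser);
@@ -189,14 +193,17 @@ else if (requiresExitUser(request)) {
 Authentication originalUser = attemptExitUser(request);
 
 // update the current context back to the original user
-SecurityContextHolder.getContext().setAuthentication(originalUser);
-
+SecurityContext context = SecurityContextHolder.createEmptyContext();
+context.setAuthentication(originalUser);
+SecurityContextHolder.setContext(context);
+this.logger.debug(LogMessage.format("Set SecurityContextHolder to %s", originalUser));
 // redirect to target url
 this.successHandler.onAuthenticationSuccess(request, response, originalUser);
 
 return;
 }
-
+this.logger.trace(LogMessage.format("Did not attempt to switch user since request did not match [%s] or [%s]",
+this.switchUserMatcher, this.exitUserMatcher));
 chain.doFilter(request, response);
 }
 
@@ -218,25 +225,13 @@ protected Authentication attemptSwitchUser(HttpServletRequest request)
 UsernamePasswordAuthenticationToken targetUserRequest;
 
 String username = request.getParameter(this.usernameParameter);
-
-if (username == null) {
-username = "";
-}
-
-if (this.logger.isDebugEnabled()) {
-this.logger.debug("Attempt to switch to user [" + username + "]");
-}
-
+username = (username != null) ? username : "";
+this.logger.debug(LogMessage.format("Attempting to switch to user [%s]", username));
 UserDetails targetUser = this.userDetailsService.loadUserByUsername(username);
 this.userDetailsChecker.check(targetUser);
 
 // OK, create the switch user token
 targetUserRequest = createSwitchUserToken(request, targetUser);
-
-if (this.logger.isDebugEnabled()) {
-this.logger.debug("Switch User Token [" + targetUserRequest + "]");
-}
-
 // publish event
 if (this.eventPublisher != null) {
 this.eventPublisher.publishEvent(new AuthenticationSwitchUserEvent(
@@ -273,10 +268,9 @@ protected Authentication attemptExitUser(HttpServletRequest request)
 Authentication original = getSourceAuthentication(current);
 
 if (original == null) {
-this.logger.debug("Could not find original user Authentication object!");
-throw new AuthenticationCredentialsNotFoundException(
-this.messages.getMessage("SwitchUserFilter.noOriginalAuthentication",
-"Could not find original Authentication object"));
+this.logger.debug("Failed to find original user");
+throw new AuthenticationCredentialsNotFoundException(this.messages
+.getMessage("SwitchUserFilter.noOriginalAuthentication", "Failed to find original user"));
 }
 
 // get the source user details
@@ -373,8 +367,7 @@ private Authentication getSourceAuthentication(Authentication current) {
 // check for switch user type of authority
 if (auth instanceof SwitchUserGrantedAuthority) {
 original = ((SwitchUserGrantedAuthority) auth).getSource();
-this.logger.debug("Found original switch user granted authority ["
-+ original + "]");
+this.logger.debug(LogMessage.format("Found original switch user granted authority [%s]", original));
 }
 }
 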
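Review bot: In the attemptSwitchUser hunk, the added `this.logger.debug(LogMessage.format("Attempting to switch to user [%s]", username));` writes the request-controlled `username` parameter into the log exactly as received, so a value containing CR/LF can forge additional log entries whenever debug logging is enabled. Neutralise line breaks before formatting, for example by logging `username.replaceAll("[\\r\\n]", "_")`, or add a comment stating that the log layout must encode them. The two new `Set SecurityContextHolder to %s` lines in doFilter print the whole Authentication through toString(); what that exposes (presumably details such as remote address or session id) depends on token and details classes outside this diff, so confirm nothing sensitive reaches debug logs. Both doFilter and attemptSwitchUser begin and end outside their hunks.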
