Refactor: Enhance SimpleAuthorization Log (#55)

Ahoo-Wang · Jan 5, 2023 · bece707 · bece707
1 parent 777e3d9
commit bece707
Show file tree

Hide file tree

Showing 6 changed files with 40 additions and 2 deletions.
diff --git a/cosec-core/src/main/kotlin/me/ahoo/cosec/authorization/SimpleAuthorization.kt b/cosec-core/src/main/kotlin/me/ahoo/cosec/authorization/SimpleAuthorization.kt
@@ -21,6 +21,7 @@ import me.ahoo.cosec.api.policy.Policy
 import me.ahoo.cosec.api.policy.Statement
 import me.ahoo.cosec.api.policy.VerifyResult
 import me.ahoo.cosec.api.principal.CoSecPrincipal.Companion.isRoot
+import org.slf4j.LoggerFactory
 import reactor.core.publisher.Mono
 import reactor.kotlin.core.publisher.toMono
 
@@ -30,6 +31,9 @@ import reactor.kotlin.core.publisher.toMono
  * @author ahoo wang
  */
 class SimpleAuthorization(private val policyRepository: PolicyRepository) : Authorization {
+    companion object {
+        private val log = LoggerFactory.getLogger(SimpleAuthorization::class.java)
+    }
 
     private fun verifyPolicies(policies: Set<Policy>, request: Request, context: SecurityContext): VerifyResult {
         policies.forEach { policy: Policy ->
@@ -38,6 +42,9 @@ class SimpleAuthorization(private val policyRepository: PolicyRepository) : Auth
             }.forEach { statement: Statement ->
                 val verifyResult = statement.verify(request, context)
                 if (verifyResult == VerifyResult.EXPLICIT_DENY) {
+                    if (log.isDebugEnabled) {
+                        log.debug("Verify [$request] [$context] matched Policy[${policy.id}] - [Explicit Deny].")
+                    }
                     return VerifyResult.EXPLICIT_DENY
                 }
             }
@@ -49,6 +56,9 @@ class SimpleAuthorization(private val policyRepository: PolicyRepository) : Auth
             }.forEach { statement: Statement ->
                 val verifyResult = statement.verify(request, context)
                 if (verifyResult == VerifyResult.ALLOW) {
+                    if (log.isDebugEnabled) {
+                        log.debug("Verify [$request] [$context] matched Policy[${policy.id}] - [Allow].")
+                    }
                     return VerifyResult.ALLOW
                 }
             }
@@ -59,6 +69,9 @@ class SimpleAuthorization(private val policyRepository: PolicyRepository) : Auth
 
     private fun verifyRoot(context: SecurityContext): VerifyResult {
         return if (context.principal.isRoot()) {
+            if (log.isDebugEnabled) {
+                log.debug("Verify [$context] matched Root - [Allow].")
+            }
             VerifyResult.ALLOW
         } else {
             VerifyResult.IMPLICIT_DENY
@@ -118,7 +131,14 @@ class SimpleAuthorization(private val policyRepository: PolicyRepository) : Auth
                                 when (roleVerifyResult) {
                                     VerifyResult.ALLOW -> AuthorizeResult.ALLOW
                                     VerifyResult.EXPLICIT_DENY -> AuthorizeResult.EXPLICIT_DENY
-                                    VerifyResult.IMPLICIT_DENY -> AuthorizeResult.IMPLICIT_DENY
+                                    VerifyResult.IMPLICIT_DENY -> {
+                                        if (log.isDebugEnabled) {
+                                            log.debug(
+                                                "Verify [$request] [$context] No policies matched - [Implicit Deny]."
+                                            )
+                                        }
+                                        AuthorizeResult.IMPLICIT_DENY
+                                    }
                                 }
                             }
                     }

diff --git a/cosec-core/src/main/kotlin/me/ahoo/cosec/context/SimpleSecurityContext.kt b/cosec-core/src/main/kotlin/me/ahoo/cosec/context/SimpleSecurityContext.kt
@@ -47,6 +47,10 @@ class SimpleSecurityContext(
         @Suppress("UNCHECKED_CAST")
         return attributes[key] as T?
     }
+
+    override fun toString(): String {
+        return "SimpleSecurityContext(principal.id=${principal.id}, tenantId=${tenant.tenantId})"
+    }
 }
 
 val CoSecPrincipal.tenant: Tenant

diff --git a/cosec-core/src/test/kotlin/me/ahoo/cosec/authorization/SimpleAuthorizationTest.kt b/cosec-core/src/test/kotlin/me/ahoo/cosec/authorization/SimpleAuthorizationTest.kt
@@ -64,6 +64,7 @@ internal class SimpleAuthorizationTest {
     @Test
     fun authorizeWhenGlobalPolicyIsAllowAll() {
         val globalPolicy = mockk<Policy>() {
+            every { id } returns "globalPolicy"
             every { statements } returns setOf(
                 StatementData(
                     effect = Effect.ALLOW,
@@ -89,6 +90,7 @@ internal class SimpleAuthorizationTest {
     @Test
     fun authorizeWhenGlobalPolicyIsDenyAll() {
         val globalPolicy = mockk<Policy>() {
+            every { id } returns "globalPolicy"
             every { statements } returns setOf(
                 StatementData(
                     effect = Effect.DENY,
@@ -113,6 +115,7 @@ internal class SimpleAuthorizationTest {
     @Test
     fun authorizeWhenGlobalPolicyIsEmptyAndPrincipalIsAllowAll() {
         val principalPolicy = mockk<Policy>() {
+            every { id } returns "policyId"
             every { statements } returns setOf(
                 StatementData(
                     effect = Effect.ALLOW,
@@ -143,6 +146,7 @@ internal class SimpleAuthorizationTest {
     @Test
     fun authorizeWhenGlobalPolicyIsEmptyAndPrincipalIsDenyAll() {
         val principalPolicy = mockk<Policy>() {
+            every { id } returns "policyId"
             every { statements } returns setOf(
                 StatementData(
                     effect = Effect.DENY,
@@ -173,6 +177,7 @@ internal class SimpleAuthorizationTest {
     @Test
     fun authorizeWhenGlobalAndPrincipalPolicyIsEmptyAndRoleIsAllowAll() {
         val rolePolicy = mockk<Policy>() {
+            every { id } returns "policyId"
             every { statements } returns setOf(
                 StatementData(
                     effect = Effect.ALLOW,
@@ -204,6 +209,7 @@ internal class SimpleAuthorizationTest {
     @Test
     fun authorizeWhenGlobalAndPrincipalPolicyIsEmptyAndRoleIsDenyAll() {
         val rolePolicy = mockk<Policy>() {
+            every { id } returns "policyId"
             every { statements } returns setOf(
                 StatementData(
                     effect = Effect.DENY,

diff --git a/cosec-webflux/src/main/kotlin/me/ahoo/cosec/webflux/ReactiveRequest.kt b/cosec-webflux/src/main/kotlin/me/ahoo/cosec/webflux/ReactiveRequest.kt
@@ -29,4 +29,8 @@ data class ReactiveRequest(
     override fun getHeader(key: String): String {
         return delegate.request.headers.getFirst(key).orEmpty()
     }
+
+    override fun toString(): String {
+        return "ReactiveRequest(path='$path', method='$method', remoteIp='$remoteIp', origin='$origin', referer='$referer')"
+    }
 }
diff --git a/cosec-webmvc/src/main/kotlin/me/ahoo/cosec/servlet/CoSecServletRequest.kt b/cosec-webmvc/src/main/kotlin/me/ahoo/cosec/servlet/CoSecServletRequest.kt
@@ -28,4 +28,8 @@ data class CoSecServletRequest(
     override fun getHeader(key: String): String {
         return delegate.getHeader(key).orEmpty()
     }
+
+    override fun toString(): String {
+        return "CoSecServletRequest(path='$path', method='$method', remoteIp='$remoteIp', origin='$origin', referer='$referer')"
+    }
 }
diff --git a/gradle.properties b/gradle.properties
@@ -11,7 +11,7 @@
 # limitations under the License.
 #
 group=me.ahoo.cosec
-version=1.8.7
+version=1.8.8
 description=RBAC-based And Policy-based Multi-Tenant Reactive Security Framework
 website=https://github.com/Ahoo-Wang/CoSec
 issues=https://github.com/Ahoo-Wang/CoSec/issues