Merge pull request 'Add detailed logging and error handling to OIDC User Service' (#27) from fix/moreloginoicduser into main
Reviewed-on: #27
f3c5e78ffa
1 changed files with 63 additions and 43 deletions
@ -262,61 +262,81 @@ public class SecurityConfig {
|
|||
final OidcUserService delegate = new OidcUserService();
|
||||
|
||||
return (userRequest) -> {
|
||||
OidcUser oidcUser = delegate.loadUser(userRequest);
|
||||
Integer userId = null;
|
||||
try {
|
||||
log.info("=== OIDC User Service called ===");
|
||||
|
||||
// Debug: Print all claims
|
||||
log.debug("=== ID Token Claims ===");
|
||||
oidcUser.getIdToken().getClaims().forEach((key, value) ->
|
||||
log.debug("{}: {}", key, value)
|
||||
);
|
||||
log.debug("======================");
|
||||
OidcUser oidcUser = delegate.loadUser(userRequest);
|
||||
log.info("OIDC User loaded successfully");
|
||||
|
||||
Set<GrantedAuthority> mappedAuthorities = new HashSet<>(oidcUser.getAuthorities());
|
||||
Integer userId = null;
|
||||
|
||||
User user = null;
|
||||
// Debug: Print all claims
|
||||
log.debug("=== ID Token Claims ===");
|
||||
oidcUser.getIdToken().getClaims().forEach((key, value) ->
|
||||
log.debug("{}: {}", key, value)
|
||||
);
|
||||
log.debug("======================");
|
||||
|
||||
String workdayId = oidcUser.getAttribute(workdayClaim);
|
||||
String email = oidcUser.getAttribute(emailClaim);
|
||||
Set<GrantedAuthority> mappedAuthorities = new HashSet<>(oidcUser.getAuthorities());
|
||||
|
||||
String firstName = oidcUser.getAttribute(firstnameClaim);
|
||||
String lastName = oidcUser.getAttribute(lastNameClaim);
|
||||
User user = null;
|
||||
|
||||
String workdayId = oidcUser.getAttribute(workdayClaim);
|
||||
String email = oidcUser.getAttribute(emailClaim);
|
||||
|
||||
if (identifyBy.equals("email") && email != null && !email.isEmpty()) {
|
||||
log.debug("Fetch user by email {}", email);
|
||||
user = userRepository.getByEmail(email);
|
||||
} else if (identifyBy.equals("workday") && workdayId != null && !workdayId.isEmpty()) {
|
||||
log.debug("Fetch user by workday id {}", workdayId);
|
||||
user = userRepository.getByWorkdayId(workdayId).orElse(null);
|
||||
}
|
||||
String firstName = oidcUser.getAttribute(firstnameClaim);
|
||||
String lastName = oidcUser.getAttribute(lastNameClaim);
|
||||
|
||||
if (user != null) {
|
||||
userId = user.getId();
|
||||
} else {
|
||||
if (email != null && firstName != null && lastName != null && (ignoreWorkdayClaim || workdayId != null)) {
|
||||
var isFirstUser = userRepository.count() == 0;
|
||||
user = LccOidcUser.createDatabaseUser(email, firstName, lastName, ignoreWorkdayClaim ? generateRandomWorkdayId() : workdayId, isFirstUser);
|
||||
userId = userRepository.update(user);
|
||||
log.info("Claims extracted - email: {}, workdayId: {}, firstName: {}, lastName: {}",
|
||||
email, workdayId, firstName, lastName);
|
||||
|
||||
} else {
|
||||
log.debug("Unable to create user {} / {}", email, workdayId);
|
||||
mappedAuthorities.add(new SimpleGrantedAuthority("ROLE_NONE"));
|
||||
if (identifyBy.equals("email") && email != null && !email.isEmpty()) {
|
||||
log.debug("Fetch user by email {}", email);
|
||||
user = userRepository.getByEmail(email);
|
||||
} else if (identifyBy.equals("workday") && workdayId != null && !workdayId.isEmpty()) {
|
||||
log.debug("Fetch user by workday id {}", workdayId);
|
||||
user = userRepository.getByWorkdayId(workdayId).orElse(null);
|
||||
}
|
||||
}
|
||||
|
||||
if (user != null) {
|
||||
user.getGroups().forEach(g -> log.debug("Local group: {}", g.getName()));
|
||||
user.getGroups().forEach(group -> mappedAuthorities.add(new SimpleGrantedAuthority("ROLE_" + group.getName().toUpperCase())));
|
||||
}
|
||||
if (user != null) {
|
||||
userId = user.getId();
|
||||
log.info("User found with ID: {}", userId);
|
||||
} else {
|
||||
if (email != null && firstName != null && lastName != null && (ignoreWorkdayClaim || workdayId != null)) {
|
||||
log.info("Creating new user");
|
||||
var isFirstUser = userRepository.count() == 0;
|
||||
user = LccOidcUser.createDatabaseUser(email, firstName, lastName, ignoreWorkdayClaim ? generateRandomWorkdayId() : workdayId, isFirstUser);
|
||||
userId = userRepository.update(user);
|
||||
log.info("New user created with ID: {}", userId);
|
||||
} else {
|
||||
log.warn("Unable to create user - email: {}, firstName: {}, lastName: {}, workdayId: {}",
|
||||
email, firstName, lastName, workdayId);
|
||||
mappedAuthorities.add(new SimpleGrantedAuthority("ROLE_NONE"));
|
||||
}
|
||||
}
|
||||
|
||||
return new LccOidcUser(
|
||||
mappedAuthorities,
|
||||
oidcUser.getIdToken(),
|
||||
oidcUser.getUserInfo(),
|
||||
"preferred_username",
|
||||
userId
|
||||
);
|
||||
if (user != null) {
|
||||
user.getGroups().forEach(g -> log.debug("Local group: {}", g.getName()));
|
||||
user.getGroups().forEach(group -> mappedAuthorities.add(new SimpleGrantedAuthority("ROLE_" + group.getName().toUpperCase())));
|
||||
}
|
||||
|
||||
log.info("=== OIDC User Service completed successfully ===");
|
||||
|
||||
return new LccOidcUser(
|
||||
mappedAuthorities,
|
||||
oidcUser.getIdToken(),
|
||||
oidcUser.getUserInfo(),
|
||||
"preferred_username",
|
||||
userId
|
||||
);
|
||||
|
||||
} catch (Exception e) {
|
||||
log.error("=== FATAL ERROR in oidcUserService ===", e);
|
||||
log.error("Exception type: {}", e.getClass().getName());
|
||||
log.error("Exception message: {}", e.getMessage());
|
||||
log.error("Stack trace:", e);
|
||||
throw e; // Re-throw to maintain Spring Security behavior
|
||||
}
|
||||
};
|
||||
}
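Review bot: The new `log.info("Claims extracted - email: {}, workdayId: {}, firstName: {}, lastName: {}", ...)` line, together with the `log.warn("Unable to create user - email: {}, firstName: {}, lastName: {}, workdayId: {}", ...)` line, writes personal data from the ID token into the default log output on every login, whereas the removed code only emitted these values at DEBUG; the existing full claims dump is already gated at DEBUG, so these should be lowered the same way (`log.debug("Claims extracted - email: {}, workdayId: {}, firstName: {}, lastName: {}", email, workdayId, firstName, lastName);`) or reduced to the identifier actually needed for correlation. In the new catch block the stack trace is logged twice (`log.error("=== FATAL ERROR in oidcUserService ===", e)` and `log.error("Stack trace:", e)`), and the type and message lines repeat what the first call already prints, so one call is enough: `log.error("OIDC user service failed", e);`. Since `catch (Exception e)` rethrows, it is also worth a short comment that this only adds logging and that failures of `delegate.loadUser` still surface to Spring Security as before. The method whose lambda this hunk builds starts above the hunk, so its signature and the origin of `identifyBy`, `workdayClaim` and `emailClaim` are not visible here.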
|
||||
|
||||
|