chore: Change log levels for WS and Identity Mapper and add service i…

…nfo (#3344)

* add info about the southbound service request for authsource

Signed-off-by: at670475 <[email protected]>

* add debug msg for websocket routing

Signed-off-by: at670475 <[email protected]>

* address pr comments

Signed-off-by: at670475 <[email protected]>

---------

Signed-off-by: at670475 <[email protected]>

gateway-service/src/main/java/org/zowe/apiml/gateway/security/mapping/ExternalMapper.java

@@ -16,7 +16,6 @@
 import org.apache.commons.lang.StringUtils;
 import org.apache.http.HttpEntity;
 import org.apache.http.HttpResponse;
-import org.apache.http.HttpStatus;
 import org.apache.http.client.methods.HttpPost;
 import org.apache.http.impl.client.CloseableHttpClient;
 import org.apache.http.message.BasicHeader;
@@ -25,6 +24,8 @@
 import org.springframework.http.MediaType;
 import org.zowe.apiml.gateway.security.mapping.model.MapperResponse;
 import org.zowe.apiml.gateway.security.service.TokenCreationService;
+import org.zowe.apiml.message.log.ApimlLogger;
+import org.zowe.apiml.product.logging.annotations.InjectApimlLogger;
 import org.zowe.apiml.security.common.config.AuthConfigurationProperties;
 
 import javax.validation.constraints.NotNull;
@@ -45,9 +46,11 @@ public abstract class ExternalMapper {
     private final CloseableHttpClient httpClientProxy;
     private final TokenCreationService tokenCreationService;
     private final AuthConfigurationProperties authConfigurationProperties;
-
     protected static final ObjectMapper objectMapper = new ObjectMapper();
 
+    @InjectApimlLogger
+    protected ApimlLogger apimlLog = ApimlLogger.empty();
+
     MapperResponse callExternalMapper(@NotNull HttpEntity payload) {
         if (StringUtils.isBlank(mapperUrl)) {
             log.warn("Configuration error: External identity mapper URL is not set.");
@@ -73,18 +76,25 @@ MapperResponse callExternalMapper(@NotNull HttpEntity payload) {
             if (httpResponse.getEntity() != null) {
                 response = EntityUtils.toString(httpResponse.getEntity(), StandardCharsets.UTF_8);
             }
-            if (statusCode < HttpStatus.SC_OK || statusCode >= HttpStatus.SC_MULTIPLE_CHOICES) {
-                log.warn("Unexpected response from the external identity mapper. Status: {} body: {}", statusCode, response);
+            if (statusCode == 0) {
+                return null;
+            }
+            if (!org.springframework.http.HttpStatus.valueOf(statusCode).is2xxSuccessful()) {
+                if (org.springframework.http.HttpStatus.valueOf(statusCode).is5xxServerError()) {
+                    apimlLog.log("org.zowe.apiml.gateway.security.unexpectedMappingResponse", statusCode, response);
+                } else {
+                    log.debug("Unexpected response from the external identity mapper. Status: {} body: {}", statusCode, response);
+                }
                 return null;
             }
             log.debug("External identity mapper API returned: {}", response);
             if (StringUtils.isNotEmpty(response)) {
                 return objectMapper.readValue(response, MapperResponse.class);
             }
         } catch (IOException e) {
-            log.warn("Error occurred while communicating with external identity mapper", e);
+            apimlLog.log("org.zowe.apiml.gateway.security.InvalidMappingResponse", e);
         } catch (URISyntaxException e) {
-            log.warn("Configuration error: Failed to construct the external identity mapper URI.", e);
+            apimlLog.log("org.zowe.apiml.gateway.security.InvalidMapperUrl", e);
         }
 
         return null;

gateway-service/src/main/java/org/zowe/apiml/gateway/security/service/schema/source/DefaultAuthSourceService.java

@@ -10,6 +10,7 @@
 
 package org.zowe.apiml.gateway.security.service.schema.source;
 
+import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.beans.factory.annotation.Value;
@@ -40,13 +41,14 @@
 @Primary
 @Scope(proxyMode = ScopedProxyMode.TARGET_CLASS)
 @EnableAspectJAutoProxy(proxyTargetClass = true)
+@Slf4j
 public class DefaultAuthSourceService implements AuthSourceService {
     private final Map<AuthSourceType, AuthSourceService> map = new EnumMap<>(AuthSourceType.class);
 
     private final boolean isX509Enabled;
     private final boolean isPATEnabled;
     private final boolean isOIDCEnabled;
-
+    private static final String LOG_MESSAGE = "Authentication request towards the southbound service {} using the auth source {}";
     /**
      * Build the map of the specific implementations of {@link AuthSourceService} for processing of different type of authentications
      *
@@ -106,6 +108,7 @@ public Optional<AuthSource> getAuthSourceFromRequest(HttpServletRequest request)
             service = getService(AuthSourceType.CLIENT_CERT);
             authSource = service.getAuthSourceFromRequest(request);
         }
+        authSource.ifPresent(source -> log.debug(LOG_MESSAGE, request.getRequestURI(), source.getType()));
         return authSource;
     }
 

gateway-service/src/main/java/org/zowe/apiml/gateway/ws/WebSocketProxyClientHandler.java

@@ -80,7 +80,7 @@ static CloseStatus getCloseStatusByError(Throwable exception) {
 
     @Override
     public void handleTransportError(WebSocketSession session, Throwable exception) throws Exception {
-        log.warn("WebSocket transport error in session {}: {}", session.getId(), exception.getMessage());
+        log.debug("WebSocket transport error in session {}: {}", session.getId(), exception.getMessage());
 
         if (webSocketServerSession.isOpen()) {
             webSocketServerSession.close(getCloseStatusByError(exception));

gateway-service/src/main/java/org/zowe/apiml/gateway/ws/WebSocketProxyServerHandler.java

@@ -137,6 +137,7 @@ private void routeToService(WebSocketSession webSocketSession, String serviceId,
         }
 
         try {
+            log.debug("Trying to open a WebSocket connection and route to the {} service", serviceId);
             meAsProxy.openConn(serviceId, service, webSocketSession, path);
         } catch (WebSocketProxyError e) {
             log.debug("Error opening WebSocket connection to: {}, {}", service.getServiceUrl(), e.getMessage());

gateway-service/src/main/resources/gateway-log-messages.yml

@@ -370,6 +370,27 @@ messages:
       reason: "The JWT token or client certificate is not valid"
       action: "Configure your client to provide valid authentication."
 
+    - key: org.zowe.apiml.gateway.security.unexpectedMappingResponse
+      number: ZWEAG169
+      type: ERROR
+      text: "Unexpected response from the external identity mapper. Status: %s body: %s"
+      reason: "The external identity mapper request failed with Internal Error"
+      action: "Verify that ZSS is responding."
+
+    - key: org.zowe.apiml.gateway.security.InvalidMappingResponse
+      number: ZWEAG170
+      type: ERROR
+      text: "Error occurred while trying to parse the response from the external identity mapper. Reason: %s"
+      reason: "The external identity mapper failed when trying to parse the response"
+      action: "Verify that the response is valid."
+
+    - key: org.zowe.apiml.gateway.security.InvalidMapperUrl
+      number: ZWEAG171
+      type: ERROR
+      text: "Configuration error. Failed to construct the external identity mapper URI. Reason: %s"
+      reason: "Failed to construct the external identity mapper URI"
+      action: "Verify that the external identity mapper URL specified in the configuration is valid."
+
     # Revoke personal access token
     - key: org.zowe.apiml.security.query.invalidRevokeRequestBody
       number: ZWEAT607