fix: log real status code (#3326)

Signed-off-by: achmelo <[email protected]>
(cherry picked from commit 8a42c17)
Signed-off-by: achmelo <[email protected]>

apiml-security-common/src/main/java/org/zowe/apiml/security/common/error/AbstractExceptionHandler.java

@@ -30,8 +30,7 @@
 
 @RequiredArgsConstructor
 public abstract class AbstractExceptionHandler {
-    protected static final String ERROR_MESSAGE_400 = "400 Status Code: {}";
-    protected static final String ERROR_MESSAGE_500 = "500 Status Code: {}";
+    protected static final String MESSAGE_FORMAT = "Status Code {}, error message: {}";
     private static final String CONTENT_TYPE = MediaType.APPLICATION_JSON_VALUE;
 
     protected final MessageService messageService;

apiml-security-common/src/main/java/org/zowe/apiml/security/common/error/AuthExceptionHandler.java

@@ -20,7 +20,11 @@
 import org.springframework.stereotype.Component;
 import org.zowe.apiml.message.api.ApiMessageView;
 import org.zowe.apiml.message.core.MessageService;
-import org.zowe.apiml.security.common.token.*;
+import org.zowe.apiml.security.common.token.InvalidTokenTypeException;
+import org.zowe.apiml.security.common.token.TokenExpireException;
+import org.zowe.apiml.security.common.token.TokenFormatNotValidException;
+import org.zowe.apiml.security.common.token.TokenNotProvidedException;
+import org.zowe.apiml.security.common.token.TokenNotValidException;
 
 import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServletRequest;
@@ -89,77 +93,74 @@ private void handleZosAuthenticationException(HttpServletResponse response, ZosA
         writeErrorResponse(message, status, response);
     }
 
-    // 400
     private void handleAuthenticationRequired(HttpServletRequest request, HttpServletResponse response, RuntimeException ex) throws ServletException {
-        log.debug(ERROR_MESSAGE_400, ex.getMessage());
+        log.debug(MESSAGE_FORMAT, HttpStatus.UNAUTHORIZED.value(), ex.getMessage());
         writeErrorResponse(ErrorType.AUTH_REQUIRED.getErrorMessageKey(), HttpStatus.UNAUTHORIZED, request, response);
     }
 
     private void handleBadCredentials(HttpServletRequest request, HttpServletResponse response, RuntimeException ex) throws ServletException {
-        log.debug(ERROR_MESSAGE_400, ex.getMessage());
+        log.debug(MESSAGE_FORMAT, HttpStatus.UNAUTHORIZED.value(), ex.getMessage());
         writeErrorResponse(ErrorType.BAD_CREDENTIALS.getErrorMessageKey(), HttpStatus.UNAUTHORIZED, request, response);
     }
 
     private void handleAuthenticationCredentialsNotFound(HttpServletRequest request, HttpServletResponse response, RuntimeException ex) throws ServletException {
-        log.debug(ERROR_MESSAGE_400, ex.getMessage());
+        log.debug(MESSAGE_FORMAT, HttpStatus.BAD_REQUEST.value(), ex.getMessage());
         writeErrorResponse(ErrorType.AUTH_CREDENTIALS_NOT_FOUND.getErrorMessageKey(), HttpStatus.BAD_REQUEST, request, response);
     }
 
     private void handleAuthMethodNotSupported(HttpServletRequest request, HttpServletResponse response, RuntimeException ex) throws ServletException {
-        log.debug(ERROR_MESSAGE_400, ex.getMessage());
-        final ApiMessageView message = messageService.createMessage(ErrorType.AUTH_METHOD_NOT_SUPPORTED.getErrorMessageKey(), ex.getMessage(), request.getRequestURI()).mapToView();
         final HttpStatus status = HttpStatus.METHOD_NOT_ALLOWED;
+        log.debug(MESSAGE_FORMAT, status.value(), ex.getMessage());
+        final ApiMessageView message = messageService.createMessage(ErrorType.AUTH_METHOD_NOT_SUPPORTED.getErrorMessageKey(), ex.getMessage(), request.getRequestURI()).mapToView();
         writeErrorResponse(message, status, response);
     }
 
     private void handleTokenNotValid(HttpServletRequest request, HttpServletResponse response, RuntimeException ex) throws ServletException {
-        log.debug(ERROR_MESSAGE_400, ex.getMessage());
+        log.debug(MESSAGE_FORMAT, HttpStatus.UNAUTHORIZED.value(), ex.getMessage());
         writeErrorResponse(ErrorType.TOKEN_NOT_VALID.getErrorMessageKey(), HttpStatus.UNAUTHORIZED, request, response);
     }
 
     private void handleTokenNotProvided(HttpServletRequest request, HttpServletResponse response, RuntimeException ex) throws ServletException {
-        log.debug(ERROR_MESSAGE_400, ex.getMessage());
+        log.debug(MESSAGE_FORMAT, HttpStatus.UNAUTHORIZED.value(), ex.getMessage());
         writeErrorResponse(ErrorType.TOKEN_NOT_PROVIDED.getErrorMessageKey(), HttpStatus.UNAUTHORIZED, request, response);
     }
 
     private void handleTokenExpire(HttpServletRequest request, HttpServletResponse response, RuntimeException ex) throws ServletException {
-        log.debug(ERROR_MESSAGE_400, ex.getMessage());
+        log.debug(MESSAGE_FORMAT, HttpStatus.UNAUTHORIZED.value(), ex.getMessage());
         writeErrorResponse(ErrorType.TOKEN_EXPIRED.getErrorMessageKey(), HttpStatus.UNAUTHORIZED, request, response);
     }
 
     private void handleInvalidCertificate(HttpServletResponse response, RuntimeException ex) {
-        log.debug(ERROR_MESSAGE_400, ex.getMessage());
         response.setStatus(HttpStatus.FORBIDDEN.value());
+        log.debug(MESSAGE_FORMAT, response.getStatus(), ex.getMessage());
     }
 
     private void handleTokenFormatException(HttpServletRequest request, HttpServletResponse response, RuntimeException ex) throws ServletException {
-        log.debug(ERROR_MESSAGE_400, ex.getMessage());
+        log.debug(MESSAGE_FORMAT, HttpStatus.BAD_REQUEST.value(), ex.getMessage());
         writeErrorResponse(ErrorType.TOKEN_NOT_VALID.getErrorMessageKey(), HttpStatus.BAD_REQUEST, request, response);
     }
 
     private void handleInvalidTokenTypeException(HttpServletRequest request, HttpServletResponse response, RuntimeException ex) throws ServletException {
-        log.debug(ERROR_MESSAGE_400, ex.getMessage());
+        log.debug(MESSAGE_FORMAT, HttpStatus.UNAUTHORIZED.value(), ex.getMessage());
         writeErrorResponse(ErrorType.INVALID_TOKEN_TYPE.getErrorMessageKey(), HttpStatus.UNAUTHORIZED, request, response);
     }
 
     private void handleInvalidAccessTokenBodyException(HttpServletRequest request, HttpServletResponse response, RuntimeException ex) throws ServletException {
-        log.debug(ERROR_MESSAGE_400, ex.getMessage());
+        log.debug(MESSAGE_FORMAT, HttpStatus.BAD_REQUEST.value(), ex.getMessage());
         writeErrorResponse(ex.getMessage(), HttpStatus.BAD_REQUEST, request, response);
     }
 
-    //500
     private void handleAuthenticationException(HttpServletRequest request, HttpServletResponse response, RuntimeException ex) throws ServletException {
-        log.debug(ERROR_MESSAGE_500, ex);
         final ApiMessageView message = messageService.createMessage(ErrorType.AUTH_GENERAL.getErrorMessageKey(), ex.getMessage(), request.getRequestURI()).mapToView();
         final HttpStatus status = HttpStatus.INTERNAL_SERVER_ERROR;
+        log.debug(MESSAGE_FORMAT, status.value(), ex.getMessage());
         writeErrorResponse(message, status, response);
     }
 
     private void handleServiceNotAccessibleException(HttpServletRequest request, HttpServletResponse response, RuntimeException ex) throws ServletException {
-        log.debug(ERROR_MESSAGE_500, ex);
-
         final ApiMessageView message = messageService.createMessage(ErrorType.SERVICE_UNAVAILABLE.getErrorMessageKey(), ex.getMessage(), request.getRequestURI()).mapToView();
         final HttpStatus status = HttpStatus.SERVICE_UNAVAILABLE;
+        log.debug(MESSAGE_FORMAT, status.value(), ex.getMessage());
         writeErrorResponse(message, status, response);
     }
 }

apiml-security-common/src/main/java/org/zowe/apiml/security/common/error/ResourceAccessExceptionHandler.java

@@ -10,12 +10,12 @@
 
 package org.zowe.apiml.security.common.error;
 
-import org.zowe.apiml.message.core.MessageService;
-import org.zowe.apiml.product.gateway.GatewayNotAvailableException;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.http.HttpStatus;
 import org.springframework.stereotype.Component;
+import org.zowe.apiml.message.core.MessageService;
+import org.zowe.apiml.product.gateway.GatewayNotAvailableException;
 
 import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServletRequest;
@@ -54,12 +54,12 @@ public void handleException(HttpServletRequest request, HttpServletResponse resp
 
     //500
     private void handleGatewayNotAvailable(HttpServletRequest request, HttpServletResponse response, RuntimeException ex) throws ServletException {
-        log.debug(ERROR_MESSAGE_500, ex.getMessage());
+        log.debug(MESSAGE_FORMAT, HttpStatus.SERVICE_UNAVAILABLE.value(), ex.getMessage());
         writeErrorResponse(ErrorType.GATEWAY_NOT_AVAILABLE.getErrorMessageKey(), HttpStatus.SERVICE_UNAVAILABLE, request, response);
     }
 
     private void handleServiceNotAccessible(HttpServletRequest request, HttpServletResponse response, RuntimeException ex) throws ServletException {
-        log.debug(ERROR_MESSAGE_500, ex.getMessage());
+        log.debug(MESSAGE_FORMAT, HttpStatus.SERVICE_UNAVAILABLE.value(), ex.getMessage());
         writeErrorResponse(ErrorType.SERVICE_UNAVAILABLE.getErrorMessageKey(), HttpStatus.SERVICE_UNAVAILABLE, request, response);
     }
 }