diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerAuthenticationManagerResolver.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerAuthenticationManagerResolver.java index 81511b7ad8..c55785ea41 100644 --- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerAuthenticationManagerResolver.java +++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerAuthenticationManagerResolver.java @@ -192,7 +192,8 @@ public final class JwtIssuerAuthenticationManagerResolver implements Authenticat return authenticationManager; } else { - this.logger.debug("Did not resolve AuthenticationManager since issuer is not trusted"); + this.logger.debug(LogMessage + .format("Did not resolve AuthenticationManager since issuer '%s' is not trusted", issuer)); } return null; } diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerReactiveAuthenticationManagerResolver.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerReactiveAuthenticationManagerResolver.java index 1bc75bee7d..52f4411c0e 100644 --- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerReactiveAuthenticationManagerResolver.java +++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerReactiveAuthenticationManagerResolver.java @@ -25,10 +25,13 @@ import java.util.concurrent.ConcurrentHashMap; import java.util.function.Predicate; import com.nimbusds.jwt.JWTParser; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; import reactor.core.publisher.Mono; import reactor.core.scheduler.Schedulers; import org.springframework.core.convert.converter.Converter; +import org.springframework.core.log.LogMessage; import org.springframework.lang.NonNull; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.ReactiveAuthenticationManager; @@ -169,6 +172,8 @@ public final class JwtIssuerReactiveAuthenticationManagerResolver static class TrustedIssuerJwtAuthenticationManagerResolver implements ReactiveAuthenticationManagerResolver { + private final Log logger = LogFactory.getLog(getClass()); + private final Map> authenticationManagers = new ConcurrentHashMap<>(); private final Predicate trustedIssuer; @@ -180,11 +185,14 @@ public final class JwtIssuerReactiveAuthenticationManagerResolver @Override public Mono resolve(String issuer) { if (!this.trustedIssuer.test(issuer)) { + this.logger.debug(LogMessage + .format("Did not resolve AuthenticationManager since issuer '%s' is not trusted", issuer)); return Mono.empty(); } // @formatter:off return this.authenticationManagers.computeIfAbsent(issuer, (k) -> Mono.fromCallable(() -> new JwtReactiveAuthenticationManager(ReactiveJwtDecoders.fromIssuerLocation(k))) + .doOnNext((manager) -> this.logger.debug(LogMessage.format("Resolved AuthenticationManager for issuer '%s'", issuer))) .subscribeOn(Schedulers.boundedElastic()) .cache((manager) -> Duration.ofMillis(Long.MAX_VALUE), (ex) -> Duration.ZERO, () -> Duration.ZERO) );