From 1529ef99d79e52ab29a06e63cc04fee11adf6043 Mon Sep 17 00:00:00 2001
From: Sebastian Sdorra <sebastian.sdorra@cloudogu.com>
Date: Tue, 28 Jun 2016 10:54:14 +0200
Subject: [PATCH] log authorization summary to trace level

---
 .../scm/security/AuthorizationCollector.java  | 31 +++++++++++++++++++
 .../src/main/resources/logback.default.xml    |  3 ++
 2 files changed, 34 insertions(+)

diff --git a/scm-webapp/src/main/java/sonia/scm/security/AuthorizationCollector.java b/scm-webapp/src/main/java/sonia/scm/security/AuthorizationCollector.java
index 0b9e565c32..94662b878e 100644
--- a/scm-webapp/src/main/java/sonia/scm/security/AuthorizationCollector.java
+++ b/scm-webapp/src/main/java/sonia/scm/security/AuthorizationCollector.java
@@ -35,6 +35,7 @@ package sonia.scm.security;
 
 //~--- non-JDK imports --------------------------------------------------------
 
+import com.google.common.base.Joiner;
 import com.google.common.base.Objects;
 import com.google.common.base.Preconditions;
 import com.google.common.base.Predicate;
@@ -85,6 +86,9 @@ import sonia.scm.user.UserModificationEvent;
 public class AuthorizationCollector
 {
 
+  // TODO move to util class
+  private static final String SEPARATOR = System.getProperty("line.separator", "\n");
+  
   /** Field description */
   private static final String CACHE_NAME = "sonia.cache.authorizing";
 
@@ -359,9 +363,36 @@ public class AuthorizationCollector
     {
       logger.trace("retrieve AuthorizationInfo for user {} from cache", user.getName());
     }
+    
+    if (logger.isTraceEnabled()){
+      logger.trace(createAuthorizationSummary(user, groupNames, info));
+    }
 
     return info;
   }
+  
+  private String createAuthorizationSummary(User user, GroupNames groups, AuthorizationInfo authzInfo)
+  {
+    StringBuilder buffer = new StringBuilder("authorization summary: ");
+    buffer.append(SEPARATOR).append("username   : ").append(user.getName());
+    buffer.append(SEPARATOR).append("groups     : ");
+    append(buffer, groups);
+    buffer.append(SEPARATOR).append("roles      : ");
+    append(buffer, authzInfo.getRoles());
+    buffer.append(SEPARATOR).append("permissions:");
+    append(buffer, authzInfo.getStringPermissions());
+    append(buffer, authzInfo.getObjectPermissions());
+    return buffer.toString();
+  }
+  
+  private void append(StringBuilder buffer, Iterable<?> iterable){
+    if (iterable != null){
+      for ( Object item : iterable )
+      {
+        buffer.append(SEPARATOR).append(" - ").append(item);
+      }      
+    }
+  }
 
   /**
    * Method description
diff --git a/scm-webapp/src/main/resources/logback.default.xml b/scm-webapp/src/main/resources/logback.default.xml
index 290a04a9d1..b384437c72 100644
--- a/scm-webapp/src/main/resources/logback.default.xml
+++ b/scm-webapp/src/main/resources/logback.default.xml
@@ -52,6 +52,9 @@
   
   <logger name="sonia.scm" level="TRACE" />
   
+  <logger name="sonia.scm.security.AuthorizationCollector" level="DEBUG" />
+  <logger name="sonia.scm.web.filter.AutoLoginFilter" level="DEBUG" />
+  
   <!-- suppress massive gzip logging -->
   <logger name="sonia.scm.filter.GZipFilter" level="WARN" />
   <logger name="sonia.scm.filter.GZipResponseStream" level="WARN" />