aserto-dev / aserto-spring

Aserto authorization filter for Spring Security.
Apache License 2.0

Incomplete exception logging in AsertoAuthorizationManager #8

Closed reardonm closed 5 months ago

reardonm commented 5 months ago

The AsertoAuthorizationManager class catches and logs exceptions but only logs the exception message, losing the root cause. This can make troubleshooting misconfigurations and other problems difficult, as the root cause of the exception may be lost. Example:

try {
    List<Decision> decisions = authzClient.is(identityCtx, policyCtx, resourceCtx);
    isAllowed = isAllowed(decisions);
} catch (Exception e) {
    log.error("Is call failed [{}]",  e.getMessage());
    return new AuthorizationDecision(false);
}

Suggested Solution:

Change the logging statement to log the full exception chain:

log.error("Is call failed",  e);
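
The difference described in the issue above, as an added example that is not part of the original thread or of the aserto-spring code base. It uses java.util.logging instead of the project's logger so it runs on the JDK alone; the class and method names and the three-level exception chain are constructed for illustration.

```java
import java.io.IOException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.List;
import java.util.logging.Handler;
import java.util.logging.Level;
import java.util.logging.LogRecord;
import java.util.logging.Logger;

public class DenyLoggingDemo {
    // Hypothetical stand-in for the authorizer call: a constructed three-level failure.
    static boolean callAuthorizer() throws Exception {
        Exception root = new CertificateException("constructed: CA certificate file not found");
        throw new IllegalStateException("constructed: authorizer unavailable",
                new IOException("constructed: TLS handshake failed", root));
    }

    // Both variants fail closed (deny); only what reaches the log differs.
    static boolean check(Logger log, boolean attachThrowable) {
        try {
            return callAuthorizer();
        } catch (Exception e) {
            if (attachThrowable) {
                log.log(Level.SEVERE, "Is call failed", e); // throwable and its causes kept
            } else {
                log.log(Level.SEVERE, "Is call failed [" + e.getMessage() + "]"); // message only
            }
            return false;
        }
    }

    public static void main(String[] args) {
        List<LogRecord> records = new ArrayList<>();
        Logger log = Logger.getLogger("demo");
        log.setUseParentHandlers(false); // capture records instead of printing them
        log.addHandler(new Handler() {
            @Override public void publish(LogRecord r) { records.add(r); }
            @Override public void flush() { }
            @Override public void close() { }
        });
        check(log, false);
        check(log, true);
        for (LogRecord r : records) {
            System.out.println(r.getMessage());
            for (Throwable t = r.getThrown(); t != null; t = t.getCause()) {
                System.out.println("  chain: " + t); // empty for the message-only record
            }
        }
    }
}
```

The message-only record carries just the outermost message, so the certificate problem at the bottom of the chain never reaches the log, while the denial itself looks identical to a legitimate policy decision.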

ogazitt commented 5 months ago

Thanks @reardonm! We are reviewing this now.

gertd commented 5 months ago

Added in aserto-spring v0.2.2

https://central.sonatype.com/artifact/com.aserto/aserto-spring
https://github.com/aserto-dev/aserto-spring