Add FINE logging to help identify issuer mismatches

krowvin · MikeNeilson · commit be4b8e321b58 · 2026-04-08T07:17:27.000-07:00
diff --git a/cwms-data-api/src/main/java/cwms/cda/security/OpenIdConnectIdentitityProvider.java b/cwms-data-api/src/main/java/cwms/cda/security/OpenIdConnectIdentitityProvider.java
@@ -115,6 +115,10 @@ private DataApiPrincipal getUserFromToken(Context ctx) throws CwmsAuthException
                 throw new CwmsAuthException("Not Authorized",HttpServletResponse.SC_UNAUTHORIZED);
             }
         } catch (NumberFormatException | JwtException ex) {
+            log.atFine().withCause(ex).log(
+                "JWT validation failed for bearer token from issuer configuration '%s'",
+                System.getProperty(ISSUER_PROPERTY, System.getenv(ISSUER_PROPERTY))
+            );
             throw new CwmsAuthException("JWT not valid",ex,HttpServletResponse.SC_UNAUTHORIZED);
         }
     }

Original file line number	Diff line number	Diff line change
`@@ -115,6 +115,10 @@ private DataApiPrincipal getUserFromToken(Context ctx) throws CwmsAuthException`
`115`	`115`	`throw new CwmsAuthException("Not Authorized",HttpServletResponse.SC_UNAUTHORIZED);`
`116`	`116`	`}`
`117`	`117`	`} catch (NumberFormatException \| JwtException ex) {`
	`118`	`+ log.atFine().withCause(ex).log(`
	`119`	`+ "JWT validation failed for bearer token from issuer configuration '%s'",`
	`120`	`+ System.getProperty(ISSUER_PROPERTY, System.getenv(ISSUER_PROPERTY))`
	`121`	`+ );`
`118`	`122`	`throw new CwmsAuthException("JWT not valid",ex,HttpServletResponse.SC_UNAUTHORIZED);`
`119`	`123`	`}`
`120`	`124`	`}`