diff --git a/README.md b/README.md index 25f3ea1d0..13b8b567b 100644 --- a/README.md +++ b/README.md @@ -149,6 +149,7 @@ This process ensures that any issues with the database schema are resolved by re | SUPPORTED_FRAMEWORK_VC_TYPES | Supported framework VC, provide values ie type1=value1,type2=value2 | cx-behavior-twin=Behavior Twin,cx-pcf=PCF,cx-quality=Quality,cx-resiliency=Resiliency,cx-sustainability=Sustainability,cx-traceability=ID_3.0_Trace | | ENFORCE_HTTPS_IN_DID_RESOLUTION | Enforce https during web did resolution | true | | CONTRACT_TEMPLATES_URL | Contract templates URL used in summary VC | https://public.catena-x.org/contracts/ | +| APP_LOG_LEVEL | Log level of application | INFO | | | | | ## Technical Debts and Known issue 
@@ -157,9 +158,46 @@ This process ensures that any issues with the database schema are resolved by re 2. Policies can be validated dynamically as per request while validating VP and VC. [Check this for more details](https://docs.walt.id/v/ssikit/concepts/verification-policies) -3. When you are using MacOS and the MIW docker container won't start up, you can enable the docker-desktop feature "Use Rosetta for x86/amd64 emulation on Apple Silicon" in your Docker settings +3. When you are using MacOS and the MIW docker container won't start up, you can enable the docker-desktop feature "Use + Rosetta for x86/amd64 emulation on Apple Silicon" in your Docker settings (under "features in development") +## Logging in application + +Log level in application can be set using environment variable ``APP_LOG_LEVEL``. Possible values +are ``OFF, ERROR, WARN, INFO, DEBUG, TRACE`` and default value set to ``INFO`` + +### Change log level at runtime using Spring actuator + +We can use ``/actuator/loggers`` API endpoint of actuator for log related things. This end point can be accessible with +role ``manage_app``. We can add this role to authority wallet client using keycloak as below: + +![manage_app.png](docs%2Fmanage_app.png) + +1. API to get current log settings + +```agsl +curl --location 'http://localhost:8090/actuator/loggers' \ +--header 'Authorization: Bearer access_token' +``` + +2. Change log level at runtime + +```agsl + +curl --location 'http://localhost:8090/actuator/loggers/{java package name}' \ +--header 'Content-Type: application/json' \ +--header 'Authorization: Bearer access_token' \ +--data '{"configuredLevel":"INFO"}' + +i.e. + +curl --location 'http://localhost:8090/actuator/loggers/org.eclipse.tractusx.managedidentitywallets' \ +--header 'Content-Type: application/json' \ +--header 'Authorization: Bearer access_token' \ +--data '{"configuredLevel":"INFO"}' +``` + ## Reference of external lib 1. https://www.testcontainers.org/modules/databases/postgres/ 
diff --git a/docs/manage_app.png b/docs/manage_app.png new file mode 100644 index 000000000..2a60b6014 Binary files /dev/null and b/docs/manage_app.png differ diff --git a/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/security/SecurityConfig.java b/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/security/SecurityConfig.java index d72a1d4cf..a572b373c 100644 --- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/security/SecurityConfig.java +++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/security/SecurityConfig.java @@ -61,13 +61,14 @@ public class SecurityConfig { @ConditionalOnProperty(value = "miw.security.enabled", havingValue = "true", matchIfMissing = true) public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { http.cors().and() - .csrf().and() + .csrf().disable() .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and() .authorizeHttpRequests() .requestMatchers(new AntPathRequestMatcher("/")).permitAll() // forwards to swagger .requestMatchers(new AntPathRequestMatcher("/docs/api-docs/**")).permitAll() .requestMatchers(new AntPathRequestMatcher("/ui/swagger-ui/**")).permitAll() .requestMatchers(new AntPathRequestMatcher("/actuator/health/**")).permitAll() + .requestMatchers(new AntPathRequestMatcher("/actuator/loggers/**")).hasRole(ApplicationRole.ROLE_MANAGE_APP) //did document resolve APIs .requestMatchers(new AntPathRequestMatcher(RestURI.DID_RESOLVE, GET.name())).permitAll() //Get did document diff --git a/src/main/java/org/eclipse/tractusx/managedidentitywallets/constant/ApplicationRole.java b/src/main/java/org/eclipse/tractusx/managedidentitywallets/constant/ApplicationRole.java index d9485abac..a534ad42c 100644 --- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/constant/ApplicationRole.java +++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/constant/ApplicationRole.java 
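Review bot: `.csrf().disable()` in `filterChain` turns CSRF protection off for every route, not only for the new `/actuator/loggers/**` rule, and nothing in the commit explains why. With `SessionCreationPolicy.STATELESS` and bearer-token authentication this is usually acceptable, but only while no endpoint accepts cookie or session credentials; I would record that next to the call, e.g. `// CSRF disabled: API is stateless and authenticated by bearer token only, never by cookie`. The new matcher also grants `manage_app` on all HTTP methods, so a client meant only to read logger levels can change them too; if read and write should be separable, give the matcher a method as the DID rule below does with `GET.name()`. The method body continues outside the hunk.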
@@ -51,4 +51,6 @@ private ApplicationRole() { */ public static final String ROLE_UPDATE_WALLET = "update_wallet"; + public static final String ROLE_MANAGE_APP = "manage_app"; + } diff --git a/src/main/resources/application.yaml b/src/main/resources/application.yaml index 99fefc4e5..830837092 100644 --- a/src/main/resources/application.yaml +++ b/src/main/resources/application.yaml @@ -44,13 +44,15 @@ management: server: port: ${MANAGEMENT_PORT:8090} endpoint: + loggers: + enabled: true health: probes: enabled: true endpoints: web: exposure: - include: '*, pre-stop' + include: '*, pre-stop, loggers' health: db: enabled: true @@ -59,6 +61,14 @@ management: readinessState: enabled: true +# log level +logging: + level: + org: + eclipse: + tractusx: + managedidentitywallets: ${APP_LOG_LEVEL:INFO} + miw: host: ${MIW_HOST_NAME:localhost} encryptionKey: ${ENCRYPTION_KEY:Woh9waid4Ei5eez0aitieghoow9so4oe}
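Review bot: `ROLE_MANAGE_APP` is added without a Javadoc comment, while the preceding constant `ROLE_UPDATE_WALLET` appears to have one (its closing `*/` is visible just above it). I would add `/** The constant ROLE_MANAGE_APP: grants access to the /actuator/loggers endpoints (read and change log levels). */` so whoever assigns this role in Keycloak can see what it unlocks. The class body starts outside the hunk.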
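Review bot: In `management.endpoints.web.exposure.include` the value `'*, pre-stop, loggers'` still starts with `*`, which already exposes every enabled actuator endpoint over HTTP, so adding `loggers` changes nothing and the list hides how wide the exposure is. The SecurityConfig hunk in this commit shows explicit rules only for `/actuator/health/**` and `/actuator/loggers/**`; what guards the remaining actuator endpoints depends on matchers outside the visible hunks and should be confirmed. If only these endpoints are needed, an explicit list such as `include: 'health, loggers, pre-stop'` keeps the management surface to what is actually protected. `management.endpoint.loggers.enabled: true` is, as far as I know, already the Spring Boot default and could be dropped.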
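Review bot: The new `logging.level` block lets `APP_LOG_LEVEL` (and, through `/actuator/loggers`, any holder of `manage_app`) set `DEBUG` or `TRACE` for the whole `org.eclipse.tractusx.managedidentitywallets` package, and the `# log level` comment does not say what that implies. I cannot see from the diff what the package logs at those levels, so it is worth confirming that key material, credentials and bearer tokens are never written there. A fuller comment would help operators, e.g. `# log level for application code; confirm DEBUG/TRACE output contains no secrets before enabling outside development`.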