PL-7949 Add logging for REST v2 operations

modules/rest-api/src/com/haulmont/restapi/auth/ClientProxyTokenStore.java

@@ -25,6 +25,8 @@ import com.haulmont.cuba.security.app.LoginService;
 import com.haulmont.cuba.security.global.LoginException;
 import com.haulmont.cuba.security.global.UserSession;
 import com.haulmont.restapi.config.RestApiConfig;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.security.oauth2.common.OAuth2AccessToken;
 import org.springframework.security.oauth2.common.OAuth2RefreshToken;
 import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
@@ -59,6 +61,8 @@ public class ClientProxyTokenStore implements TokenStore {
 
     protected AuthenticationKeyGenerator authenticationKeyGenerator = new DefaultAuthenticationKeyGenerator();
 
+    private Logger log = LoggerFactory.getLogger(ClientProxyTokenStore.class);
+
     @Override
     public OAuth2Authentication readAuthentication(OAuth2AccessToken token) {
         return  readAuthentication(token.getValue());
@@ -82,6 +86,7 @@ public class ClientProxyTokenStore implements TokenStore {
                 authenticationKey,
                 serializeAuthentication(authentication));
         processSession(authentication, token.getValue());
+        log.info("REST API access token stored: [{}] {}", authentication.getPrincipal(), token.getValue()) ;
     }
 
     @Override

modules/rest-api/src/com/haulmont/restapi/auth/CubaRestLoggingFilter.java

@@ -0,0 +1,69 @@
+/*
+ * Copyright (c) 2008-2016 Haulmont.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.haulmont.restapi.auth;
+
+import com.google.common.base.Strings;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationDetails;
+
+import javax.servlet.*;
+import javax.servlet.http.HttpServletRequest;
+import java.io.IOException;
+
+/**
+ * Filter logs all REST API methods access.
+ */
+public class CubaRestLoggingFilter implements Filter {
+
+    private Logger log = LoggerFactory.getLogger(CubaRestLoggingFilter.class);
+
+    @Override
+    public void init(FilterConfig filterConfig) throws ServletException {}
+
+    @Override
+    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
+        if (log.isDebugEnabled()) {
+            Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+            if (authentication != null) {
+                String tokenValue = "";
+                if (authentication instanceof CubaAnonymousAuthenticationToken) {
+                    tokenValue = "anonymous";
+                }
+                if (authentication.getDetails() instanceof OAuth2AuthenticationDetails){
+                    tokenValue = ((OAuth2AuthenticationDetails) authentication.getDetails()).getTokenValue();
+                }
+                log.debug("REST API request [{}] {} {} {}",
+                        tokenValue,
+                        ((HttpServletRequest) request).getMethod(),
+                        getRequestURL((HttpServletRequest) request),
+                        request.getRemoteAddr());
+            }
+        }
+        chain.doFilter(request, response);
+    }
+
+    protected String getRequestURL(HttpServletRequest request) {
+        return request.getRequestURL() +
+                (!Strings.isNullOrEmpty(request.getQueryString()) ? "?" + request.getQueryString() : "");
+    }
+
+    @Override
+    public void destroy() {}
+}

modules/rest-api/src/com/haulmont/restapi/auth/CubaUserAuthenticationProvider.java

@@ -78,6 +78,7 @@ public class CubaUserAuthenticationProvider implements AuthenticationProvider, S
                 result.setDetails(details);
                 return result;
             } catch (LoginException e) {
+                log.error("REST API authentication failed: {} {}", login, ipAddress);
                 throw new BadCredentialsException("Bad credentials");
             }
         }

modules/rest-api/src/cuba-rest-dispatcher-spring.xml

@@ -116,10 +116,13 @@
         <cors configuration-source-ref="cuba_RestCorsSource"/>
         <custom-filter ref="resourceFilter" before="PRE_AUTH_FILTER"/>
         <custom-filter ref="cuba_AnonymousAuthenticationFilter" after="PRE_AUTH_FILTER"/>
+        <custom-filter ref="cuba_RestLoggingFilter" position="LAST"/>
     </security:http>
 
     <bean id="cuba_AnonymousAuthenticationFilter" class="com.haulmont.restapi.auth.CubaAnonymousAuthenticationFilter"/>
 
+    <bean id="cuba_RestLoggingFilter" class="com.haulmont.restapi.auth.CubaRestLoggingFilter"/>
+
     <bean id="oauthAuthenticationEntryPoint" class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
         <property name="realmName" value="rest-api" />
     </bean>