always debug the user dn role mapping

When debugging role mapping it is useful to know the actual user DN, which is only logged
when something is actually mapped to the DN. Since this is logged at debug level, we should
always log it.

Original commit: elastic/x-pack-elasticsearch@b690c757d3
This commit is contained in:
jaymode 2016-01-05 12:37:52 -05:00
parent 338e292d2f
commit 94ce98ad9f
1 changed files with 5 additions and 3 deletions

View File

@ -22,6 +22,7 @@ import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
@ -168,9 +169,10 @@ public class DnRoleMapper {
Set<String> rolesMappedToUserDn = dnRoles.get(userDn);
if (rolesMappedToUserDn != null) {
roles.addAll(rolesMappedToUserDn);
if (logger.isDebugEnabled()) {
logger.debug("the roles [{}], are mapped from the user [{}] for realm [{}/{}]", roles, realmType, userDnString, realmType, config.name());
}
if (logger.isDebugEnabled()) {
logger.debug("the roles [{}], are mapped from the user [{}] for realm [{}/{}]",
(rolesMappedToUserDn == null) ? Collections.emptySet() : rolesMappedToUserDn, realmType, userDnString, realmType, config.name());
}
return roles;
}