Updates based on peer feedback

Author: georgweiss

app/credentials-management/src/main/java/org/phoebus/applications/credentialsmanagement/CredentialsManagementController.java

@@ -162,7 +162,7 @@ private void configureCellFactory() {
         Callback<TableColumn<ServiceItem, ServiceItem>, TableCell<ServiceItem, ServiceItem>> actionColumnCellFactory = new Callback<>() {
             @Override
             public TableCell<ServiceItem, ServiceItem> call(final TableColumn<ServiceItem, ServiceItem> param) {
-                final TableCell<ServiceItem, ServiceItem> cell = new TableCell<>() {
+                return new TableCell<>() {
 
                     private final Button btn = new Button(Messages.LogoutButtonText);
 
@@ -194,7 +194,6 @@ public void updateItem(ServiceItem serviceItem, boolean empty) {
                         }
                     }
                 };
-                return cell;
             }
         };
         actionButtonColumn.setCellFactory(actionColumnCellFactory);
@@ -381,7 +380,7 @@ public AuthenticationStatus login() {
                             username.get(),
                             password.get()));
                 } catch (Exception e) {
-                    throw new RuntimeException(e);
+                    LOGGER.log(Level.WARNING, "Failed to store user credentials");
                 }
             }
             this.authenticationStatus.set(authenticationStatus);

app/logbook/olog/client-es/src/main/java/org/phoebus/applications/logbook/authentication/OlogServiceAuthenticationProvider.java

@@ -20,42 +20,20 @@
 
 import org.phoebus.olog.es.api.OlogHttpClient;
 import org.phoebus.security.authorization.AuthenticationStatus;
-import org.phoebus.security.authorization.ServiceAuthenticationException;
 import org.phoebus.security.authorization.ServiceAuthenticationProvider;
 import org.phoebus.security.tokens.AuthenticationScope;
 
-import java.net.ConnectException;
-import java.util.logging.Level;
-import java.util.logging.Logger;
-
 public class OlogServiceAuthenticationProvider implements ServiceAuthenticationProvider {
 
     private final AuthenticationScope ologAuthenticationScope;
 
-    private final Logger logger = Logger.getLogger(OlogServiceAuthenticationProvider.class.getName());
-
     public OlogServiceAuthenticationProvider() {
         ologAuthenticationScope = new OlogAuthenticationScope();
     }
 
     @Override
     public AuthenticationStatus authenticate(String username, String password) {
-        try {
-            OlogHttpClient.builder().build().authenticate(username, password);
-            return AuthenticationStatus.AUTHENTICATED;
-        } catch (ConnectException e) {
-            logger.log(Level.WARNING, "Unable to connect to logbook service");
-            return AuthenticationStatus.SERVICE_OFFLINE;
-        } catch (ServiceAuthenticationException e){
-            logger.log(Level.WARNING, "User " + username + " not authenticated");
-            return AuthenticationStatus.BAD_CREDENTIALS;
-        }
-        catch (Exception e) {
-            // NOTE!!! Exception message and/or stack trace could contain request URL and consequently
-            // user's password, so do not log or propagate it.
-            logger.log(Level.WARNING, "Failed to authenticate user " + username + " with logbook service, reason unknown");
-            return AuthenticationStatus.UNKNOWN_ERROR;
-        }
+        return OlogHttpClient.builder().build().authenticate(username, password);
     }
 
     @Override

app/logbook/olog/client-es/src/main/java/org/phoebus/olog/es/api/OlogHttpClient.java

@@ -26,9 +26,8 @@
 import org.phoebus.olog.es.api.model.OlogObjectMappers;
 import org.phoebus.olog.es.api.model.OlogSearchResult;
 import org.phoebus.olog.es.authentication.LoginCredentials;
-import org.phoebus.security.authorization.ServiceAuthenticationException;
+import org.phoebus.security.authorization.AuthenticationStatus;
 import org.phoebus.security.store.SecureStore;
-import org.phoebus.security.tokens.AuthenticationScope;
 import org.phoebus.security.tokens.ScopedAuthenticationToken;
 import org.phoebus.util.http.HttpRequestMultipartBody;
 import org.phoebus.util.http.QueryParamsHelper;
@@ -131,14 +130,13 @@ public static Builder builder() {
      * Disallow instantiation.
      */
     private OlogHttpClient(String userName, String password) {
-        if(Preferences.connectTimeout > 0){
+        if (Preferences.connectTimeout > 0) {
             httpClient = HttpClient.newBuilder()
                     .cookieHandler(new CookieManager(null, CookiePolicy.ACCEPT_ALL))
                     .followRedirects(HttpClient.Redirect.ALWAYS)
                     .connectTimeout(Duration.ofMillis(Preferences.connectTimeout))
                     .build();
-        }
-        else{
+        } else {
             httpClient = HttpClient.newBuilder()
                     .cookieHandler(new CookieManager(null, CookiePolicy.ACCEPT_ALL))
                     .followRedirects(HttpClient.Redirect.ALWAYS)
@@ -361,20 +359,30 @@ public void groupLogEntries(List<Long> logEntryIds) throws LogbookException {
      *
      * @param userName Username, must not be <code>null</code>.
      * @param password Password, must not be <code>null</code>.
-     * @throws Exception if the login fails, e.g. bad credentials or service off-line.
+     * @return An {@link AuthenticationStatus} to indicate the outcome of the login attempt.
      */
-    public void authenticate(String userName, String password) throws Exception {
+    public AuthenticationStatus authenticate(String userName, String password) {
         String stringBuilder = Preferences.olog_url +
                 "/login";
-        HttpRequest request = HttpRequest.newBuilder()
-                .uri(URI.create(stringBuilder))
-                .header("Content-Type", CONTENT_TYPE_JSON)
-                .POST(HttpRequest.BodyPublishers.ofString(OBJECT_MAPPER.writeValueAsString(new LoginCredentials(userName, password))))
-                .build();
-        HttpResponse<String> response = httpClient.send(request, HttpResponse.BodyHandlers.ofString());
-        if (response.statusCode() == 401) {
-            throw new ServiceAuthenticationException("Failed to login: user not authorized");
+        try {
+            HttpRequest request = HttpRequest.newBuilder()
+                    .uri(URI.create(stringBuilder))
+                    .header("Content-Type", CONTENT_TYPE_JSON)
+                    .POST(HttpRequest.BodyPublishers.ofString(OBJECT_MAPPER.writeValueAsString(new LoginCredentials(userName, password))))
+                    .build();
+            HttpResponse<String> response = httpClient.send(request, HttpResponse.BodyHandlers.ofString());
+            if (response.statusCode() == 401) {
+                LOGGER.log(Level.WARNING, "User not authenticated with logbook service");
+                return AuthenticationStatus.BAD_CREDENTIALS;
+            }
+        } catch (ConnectException e) {
+            LOGGER.log(Level.WARNING, "Cannot connect to logbook service");
+            return AuthenticationStatus.SERVICE_OFFLINE;
+        } catch (Exception e) {
+            LOGGER.log(Level.WARNING, "Unable to send authentication request to service, reason unknown");
+            return AuthenticationStatus.UNKNOWN_ERROR;
         }
+        return AuthenticationStatus.AUTHENTICATED;
     }
 
     /**
@@ -469,7 +477,7 @@ public InputStream getAttachment(Long logId, String attachmentName) {
                     .GET()
                     .build();
             HttpResponse<InputStream> response = httpClient.send(request, HttpResponse.BodyHandlers.ofInputStream());
-            if(response.statusCode() >= 300) {
+            if (response.statusCode() >= 300) {
                 LOGGER.log(Level.WARNING, "failed to obtain attachment: " + new String(response.body().readAllBytes()));
                 return null;
             }
@@ -556,7 +564,7 @@ public LogTemplate saveTemplate(LogTemplate template) throws LogbookException {
     }
 
     @Override
-    public Collection<LogEntryLevel> listLevels(){
+    public Collection<LogEntryLevel> listLevels() {
         HttpRequest request = HttpRequest.newBuilder()
                 .uri(URI.create(Preferences.olog_url + "/levels"))
                 .GET()

app/save-and-restore/app/src/main/java/org/phoebus/applications/saveandrestore/authentication/SaveAndRestoreAuthenticationProvider.java

@@ -21,45 +21,23 @@
 
 import org.phoebus.applications.saveandrestore.ui.SaveAndRestoreService;
 import org.phoebus.security.authorization.AuthenticationStatus;
-import org.phoebus.security.authorization.ServiceAuthenticationException;
 import org.phoebus.security.authorization.ServiceAuthenticationProvider;
 import org.phoebus.security.tokens.AuthenticationScope;
 
-import java.net.ConnectException;
-import java.util.logging.Level;
-import java.util.logging.Logger;
-
 /**
  * Authentication provider for the save-and-restore service.
  */
 public class SaveAndRestoreAuthenticationProvider implements ServiceAuthenticationProvider {
 
     private final AuthenticationScope saveAndRestoreAuthenticationScope;
-    private final Logger logger = Logger.getLogger(SaveAndRestoreAuthenticationProvider.class.getName());
 
     public SaveAndRestoreAuthenticationProvider() {
         saveAndRestoreAuthenticationScope = new SaveAndRestoreAuthenticationScope();
     }
 
     @Override
     public AuthenticationStatus authenticate(String username, String password) {
-        SaveAndRestoreService saveAndRestoreService = SaveAndRestoreService.getInstance();
-        try {
-            saveAndRestoreService.authenticate(username, password);
-            logger.log(Level.INFO, "User " + username + " successfully signed in");
-            return AuthenticationStatus.AUTHENTICATED;
-        } catch (ConnectException e) {
-            logger.log(Level.WARNING, "Unable to connect to save&restore service");
-            return AuthenticationStatus.SERVICE_OFFLINE;
-        } catch (ServiceAuthenticationException e) {
-            logger.log(Level.WARNING, "User " + username + " not authenticated");
-            return AuthenticationStatus.BAD_CREDENTIALS;
-        } catch (Exception e) {
-            // NOTE!!! Exception message and/or stack trace could contain request URL and consequently
-            // user's password, so do not log or propagate it.
-            logger.log(Level.WARNING, "Failed to authenticate user " + username + " with save&restore service, reason unknown");
-            return AuthenticationStatus.UNKNOWN_ERROR;
-        }
+        return SaveAndRestoreService.getInstance().authenticate(username, password);
     }
 
     @Override

app/save-and-restore/app/src/main/java/org/phoebus/applications/saveandrestore/client/SaveAndRestoreClient.java

@@ -32,6 +32,7 @@
 import org.phoebus.applications.saveandrestore.model.TagData;
 import org.phoebus.applications.saveandrestore.model.search.Filter;
 import org.phoebus.applications.saveandrestore.model.search.SearchResult;
+import org.phoebus.security.authorization.AuthenticationStatus;
 
 import javax.ws.rs.core.MultivaluedMap;
 import java.util.List;
@@ -247,9 +248,9 @@ public interface SaveAndRestoreClient {
      *
      * @param userName User's account name
      * @param password User's password
-     * @throws Exception e.g. if service is off-line or if user credentials are rejected.
+     * @return An {@link AuthenticationStatus} to indicate the outcome of the login attempt.
      */
-    void authenticate(String userName, String password) throws Exception;
+    AuthenticationStatus authenticate(String userName, String password);
 
     /**
      * Requests service to restore the specified {@link SnapshotItem}s

app/save-and-restore/app/src/main/java/org/phoebus/applications/saveandrestore/client/SaveAndRestoreClientImpl.java

@@ -26,12 +26,13 @@
 import org.phoebus.applications.saveandrestore.model.TagData;
 import org.phoebus.applications.saveandrestore.model.search.Filter;
 import org.phoebus.applications.saveandrestore.model.search.SearchResult;
-import org.phoebus.security.authorization.ServiceAuthenticationException;
+import org.phoebus.security.authorization.AuthenticationStatus;
 import org.phoebus.security.store.SecureStore;
 import org.phoebus.security.tokens.ScopedAuthenticationToken;
 import org.phoebus.util.http.QueryParamsHelper;
 
 import javax.ws.rs.core.MultivaluedMap;
+import java.net.ConnectException;
 import java.net.CookieHandler;
 import java.net.CookieManager;
 import java.net.CookiePolicy;
@@ -576,18 +577,28 @@ public List<Node> deleteTag(TagData tagData) {
      * @return {@inheritDoc}
      */
     @Override
-    public void authenticate(String userName, String password) throws Exception {
+    public AuthenticationStatus authenticate(String userName, String password) {
         String stringBuilder = Preferences.jmasarServiceUrl +
                 "/login";
-        HttpRequest request = HttpRequest.newBuilder()
-                .uri(URI.create(stringBuilder))
-                .header("Content-Type", CONTENT_TYPE_JSON)
-                .POST(HttpRequest.BodyPublishers.ofString(OBJECT_MAPPER.writeValueAsString(new LoginCredentials(userName, password))))
-                .build();
-        HttpResponse<String> response = CLIENT.send(request, HttpResponse.BodyHandlers.ofString());
-        if (response.statusCode() == 401) {
-            throw new ServiceAuthenticationException("User not authenticated with save&restore service");
+        try {
+            HttpRequest request = HttpRequest.newBuilder()
+                    .uri(URI.create(stringBuilder))
+                    .header("Content-Type", CONTENT_TYPE_JSON)
+                    .POST(HttpRequest.BodyPublishers.ofString(OBJECT_MAPPER.writeValueAsString(new LoginCredentials(userName, password))))
+                    .build();
+            HttpResponse<String> response = CLIENT.send(request, HttpResponse.BodyHandlers.ofString());
+            if (response.statusCode() == 401) {
+                LOGGER.log(Level.WARNING, "User not authenticated with save&restore service");
+                return AuthenticationStatus.BAD_CREDENTIALS;
+            }
+        } catch (ConnectException e) {
+            LOGGER.log(Level.WARNING, "Cannot connect to save&restore service");
+            return AuthenticationStatus.SERVICE_OFFLINE;
+        } catch (Exception e) {
+            LOGGER.log(Level.WARNING, "Unable to send authentication request to service, reason unknown");
+            return AuthenticationStatus.UNKNOWN_ERROR;
         }
+        return AuthenticationStatus.AUTHENTICATED;
     }
 
     /**

app/save-and-restore/app/src/main/java/org/phoebus/applications/saveandrestore/ui/SaveAndRestoreService.java

@@ -39,6 +39,7 @@
 import org.phoebus.pv.PV;
 import org.phoebus.pv.PVPool;
 import org.phoebus.saveandrestore.util.VNoData;
+import org.phoebus.security.authorization.AuthenticationStatus;
 import org.phoebus.util.time.TimestampFormats;
 
 import javax.ws.rs.core.MultivaluedMap;
@@ -319,10 +320,10 @@ public List<Node> deleteTag(TagData tagData) throws Exception {
      *
      * @param userName User's account name
      * @param password User's password
-     * @throws Exception if authentication fails, e.g. service off-line or invalid credentials
+     * @return An {@link AuthenticationStatus} to indicate the outcome of the login attempt.
      */
-    public void authenticate(String userName, String password) throws Exception {
-        saveAndRestoreClient.authenticate(userName, password);
+    public AuthenticationStatus authenticate(String userName, String password) {
+        return saveAndRestoreClient.authenticate(userName, password);
     }
 
     /**