Refine logging on revocation failures.

We now log token accessors if a token revocation has failed.

Closes gh-766

Author: mp911de

spring-vault-core/src/main/java/org/springframework/vault/authentication/LifecycleAwareSessionManager.java

@@ -24,6 +24,7 @@
 import org.springframework.scheduling.TaskScheduler;
 import org.springframework.util.Assert;
 import org.springframework.util.ClassUtils;
+import org.springframework.util.StringUtils;
 import org.springframework.vault.VaultException;
 import org.springframework.vault.authentication.event.*;
 import org.springframework.vault.client.VaultHttpHeaders;
@@ -167,7 +168,14 @@ protected void revoke(VaultToken token) {
 			dispatch(new AfterLoginTokenRevocationEvent(token));
 		}
 		catch (RuntimeException e) {
-			this.logger.warn(String.format("Cannot revoke VaultToken: %s", token.getToken()), e);
+			if (LoginToken.hasAccessor(token)) {
+				this.logger.warn(
+						String.format("Cannot revoke VaultToken with accessor: %s", ((LoginToken) token).getAccessor()),
+						e);
+			}
+			else {
+				this.logger.warn("Cannot revoke VaultToken", e);
+			}
 			dispatch(new LoginTokenRevocationFailedEvent(token, e));
 		}
 	}

spring-vault-core/src/main/java/org/springframework/vault/authentication/LoginToken.java

@@ -18,8 +18,11 @@
 import java.time.Duration;
 import java.util.Arrays;
 
+import org.apache.commons.logging.Log;
+
 import org.springframework.lang.Nullable;
 import org.springframework.util.Assert;
+import org.springframework.util.StringUtils;
 import org.springframework.vault.support.VaultToken;
 
 /**
@@ -202,6 +205,10 @@ public static LoginToken renewable(char[] token, Duration leaseDuration) {
 		return new LoginToken(token, leaseDuration, true, null, null);
 	}
 
+	static boolean hasAccessor(VaultToken token) {
+		return token instanceof LoginToken && StringUtils.hasText(((LoginToken) token).getAccessor());
+	}
+
 	/**
 	 * @return the lease duration in seconds. May be {@literal 0} if none.
 	 */

spring-vault-core/src/main/java/org/springframework/vault/authentication/ReactiveLifecycleAwareSessionManager.java

@@ -26,6 +26,7 @@
 import org.springframework.scheduling.TaskScheduler;
 import org.springframework.util.Assert;
 import org.springframework.util.ClassUtils;
+import org.springframework.util.StringUtils;
 import org.springframework.vault.VaultException;
 import org.springframework.vault.authentication.event.*;
 import org.springframework.vault.client.VaultHttpHeaders;
@@ -168,19 +169,23 @@ protected Mono<Void> revoke(VaultToken token) {
 		}).retrieve().bodyToMono(String.class)
 				.doOnSubscribe(ignore -> dispatch(new BeforeLoginTokenRevocationEvent(token)))
 				.doOnNext(ignore -> dispatch(new AfterLoginTokenRevocationEvent(token)))
-				.onErrorResume(WebClientResponseException.class, e -> {
+				.onErrorResume(WebClientResponseException.class, e -> onRevokeFailed(token, e))
+				.onErrorResume(Exception.class, e -> onRevokeFailed(token, e)).then();
+	}
 
-					this.logger.warn(format("Could not revoke token", e));
-					dispatch(new LoginTokenRevocationFailedEvent(token, e));
+	private Mono<String> onRevokeFailed(VaultToken token, Throwable e) {
 
-					return Mono.empty();
-				}).onErrorResume(Exception.class, e -> {
+		if (LoginToken.hasAccessor(token)) {
+			this.logger.warn(
+					String.format("Cannot revoke VaultToken with accessor: %s", ((LoginToken) token).getAccessor()), e);
+		}
+		else {
+			this.logger.warn("Cannot revoke VaultToken", e);
+		}
 
-					this.logger.warn("Could not revoke token", e);
-					dispatch(new LoginTokenRevocationFailedEvent(token, e));
+		dispatch(new LoginTokenRevocationFailedEvent(token, e));
 
-					return Mono.empty();
-				}).then();
+		return Mono.empty();
 	}
 
 	/**