feat: enhance SecurityFilter with detailed logging for token validation and user authentication

OtavioXimarelli · OtavioXimarelli · commit 6307bdd8eeb7 · 2025-06-23T19:12:17.000-03:00
diff --git a/src/main/java/com/otavio/aifoodapp/security/SecurityFilter.java b/src/main/java/com/otavio/aifoodapp/security/SecurityFilter.java
@@ -6,18 +6,19 @@
 import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.stereotype.Component;
 import org.springframework.web.filter.OncePerRequestFilter;
 
 import java.io.IOException;
 
 
 @Component
-
 public class SecurityFilter extends OncePerRequestFilter {
+    private static final Logger logger = LoggerFactory.getLogger(SecurityFilter.class);
     private final TokenService tokenService;
     private final UserRepository userRepository;
 
@@ -30,15 +31,24 @@ public SecurityFilter(TokenService tokenService, UserRepository userRepository)
     protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
         var token = this.recoverToken(request);
         if (token != null) {
+            logger.trace("Token found: {}", token);
             var login = tokenService.validateToken(token);
             if (login != null && !login.isEmpty()) {
-                var userExists = userRepository.findByLogin(login);
-                if (userExists != null) {
-                    UserDetails user = userExists;
+                logger.trace("Token validated for login: {}", login);
+                var user = userRepository.findByLogin(login);
+                if (user != null) {
+                    logger.trace("User found in database: {}", user.getUsername());
                     var authentication = new UsernamePasswordAuthenticationToken(user, null, user.getAuthorities());
                     SecurityContextHolder.getContext().setAuthentication(authentication);
+                    logger.info("User '{}' authenticated successfully.", login);
+                } else {
+                    logger.warn("User with login '{}' from token not found in database.", login);
                 }
+            } else {
+                logger.warn("Token validation failed. Token: {}", token);
             }
+        } else {
+            logger.trace("No Authorization token found in request to {}", request.getRequestURI());
         }
         filterChain.doFilter(request, response);
     }
@@ -48,4 +58,4 @@ private String recoverToken(HttpServletRequest request) {
         if (authHeader == null) return null;
         return authHeader.replace("Bearer ", "");
     }
-}
+}
