|
|
|
@@ -0,0 +1,82 @@
|
|
|
|
|
# Add Windows Login Diagnostic Logs
|
|
|
|
|
|
|
|
|
|
## Goal
|
|
|
|
|
|
|
|
|
|
Add safe server-side diagnostic logs to the login/authentication path so a Windows-built deployment that returns `用户名或密码不正确。` can be diagnosed without exposing passwords, password hashes, or database credentials.
|
|
|
|
|
|
|
|
|
|
## What I Already Know
|
|
|
|
|
|
|
|
|
|
* The previous frontend rebuild task is solved and has been archived.
|
|
|
|
|
* On the Windows system build, login now reaches the invalid-credentials path: `用户名或密码不正确。`
|
|
|
|
|
* The user believes the database connection is probably already working.
|
|
|
|
|
* Existing login flow is `LoginServlet` -> `AuthServiceImpl` -> `JdbcUserDao.findActiveByUsername` -> `JdbcUtil`.
|
|
|
|
|
* `AuthServiceImpl` currently logs only generic login failure/success/service-error messages.
|
|
|
|
|
* Existing backend specs require login failures to keep the same generic user-facing message and to log server-side details for unavailable services.
|
|
|
|
|
|
|
|
|
|
## Requirements
|
|
|
|
|
|
|
|
|
|
* Add diagnostic logging around login POST handling, authentication lookup, password verification outcome, and database configuration/connection attempts.
|
|
|
|
|
* Logs must help distinguish:
|
|
|
|
|
* request reached `LoginServlet`;
|
|
|
|
|
* username normalization changed the submitted username;
|
|
|
|
|
* active user row was not found;
|
|
|
|
|
* user row was found but password verification failed;
|
|
|
|
|
* database configuration was loaded and which JDBC URL/user key were used, with secrets redacted;
|
|
|
|
|
* JDBC driver/connection failures if they happen.
|
|
|
|
|
* Do not log raw passwords, password hashes, salts, database passwords, or full sensitive config values.
|
|
|
|
|
* Preserve the current user-facing Chinese error message and login behavior.
|
|
|
|
|
* Keep the implementation in the existing Servlet + service + DAO + JDBC stack.
|
|
|
|
|
* Prefer `java.util.logging` patterns already used in the project.
|
|
|
|
|
* Document and seed explicit local/demo initial credentials so new deployments are not blocked by unrecoverable password hashes:
|
|
|
|
|
* `admin` / `admin123`
|
|
|
|
|
* `librarian` / `librarian123`
|
|
|
|
|
* `reader` / `reader123`
|
|
|
|
|
* Make clear that these demo passwords are for local scaffold verification only and must be changed or removed before non-local/production use.
|
|
|
|
|
|
|
|
|
|
## Acceptance Criteria
|
|
|
|
|
|
|
|
|
|
* [x] Login failure logs identify whether the username was absent, not found, or found with password mismatch.
|
|
|
|
|
* [x] Login request logs include safe request diagnostics such as remote address, context path, redirect presence, and submitted username length or sanitized username.
|
|
|
|
|
* [x] Database logs confirm `db.properties` loading and JDBC connection attempts with password redacted.
|
|
|
|
|
* [x] No log statement outputs a raw password, password hash, salt, or database password.
|
|
|
|
|
* [x] Existing login success/failure behavior remains unchanged for users.
|
|
|
|
|
* [x] `mvn test` or the closest available Maven verification command succeeds.
|
|
|
|
|
* [x] README lists the local/demo initial login accounts and passwords with an explicit non-production warning.
|
|
|
|
|
* [x] `schema.sql` seed user hashes verify against the documented demo passwords for new deployments.
|
|
|
|
|
* [x] Existing deployments have a documented SQL reset path or warning explaining that `INSERT IGNORE` will not overwrite existing user rows.
|
|
|
|
|
|
|
|
|
|
## Definition Of Done
|
|
|
|
|
|
|
|
|
|
* Diagnostic logging implemented in source.
|
|
|
|
|
* Maven verification run and results reported.
|
|
|
|
|
* No database schema changes.
|
|
|
|
|
* No unrelated frontend/layout changes.
|
|
|
|
|
|
|
|
|
|
## Out Of Scope
|
|
|
|
|
|
|
|
|
|
* Changing password hashing rules or seed user credentials.
|
|
|
|
|
* Adding a new logging framework.
|
|
|
|
|
* Changing database schema or production credentials.
|
|
|
|
|
* Reworking the login UI.
|
|
|
|
|
* Committing generated build artifacts.
|
|
|
|
|
|
|
|
|
|
## Technical Notes
|
|
|
|
|
|
|
|
|
|
* Likely impacted files:
|
|
|
|
|
* `src/main/java/com/mzh/library/controller/LoginServlet.java`
|
|
|
|
|
* `src/main/java/com/mzh/library/service/impl/AuthServiceImpl.java`
|
|
|
|
|
* `src/main/java/com/mzh/library/dao/impl/JdbcUserDao.java`
|
|
|
|
|
* `src/main/java/com/mzh/library/util/JdbcUtil.java`
|
|
|
|
|
* Relevant specs:
|
|
|
|
|
* `.trellis/spec/backend/logging-guidelines.md`
|
|
|
|
|
* `.trellis/spec/backend/database-guidelines.md`
|
|
|
|
|
* `.trellis/spec/backend/quality-guidelines.md`
|
|
|
|
|
* Verification completed at 2026-04-28 18:22 +0800:
|
|
|
|
|
* `/home/sjy/.sdkman/candidates/maven/current/bin/mvn test` passed with `BUILD SUCCESS`.
|
|
|
|
|
* `/home/sjy/.sdkman/candidates/maven/current/bin/mvn package` passed with `BUILD SUCCESS` and produced `target/library-management.war`.
|
|
|
|
|
* `git diff --check` passed.
|
|
|
|
|
* Sensitive logger scan only found boolean password state fields, `password=<redacted>`, and `password-mismatch` category labels.
|
|
|
|
|
* Verification completed at 2026-04-28 18:33 +0800:
|
|
|
|
|
* `PasswordHasher.verify` returned `true` for `admin/admin123`, `librarian/librarian123`, and `reader/reader123` against the updated `schema.sql` PBKDF2 hashes.
|
|
|
|
|
* `/home/sjy/.sdkman/candidates/maven/current/bin/mvn verify` passed with `BUILD SUCCESS`.
|
|
|
|
|
* `git diff --check` passed.
|
Zzzz