Book-management-system/.trellis/tasks/archive/2026-04/04-28-windows-login-diagnostic-logs/prd.md

Add Windows Login Diagnostic Logs

Goal

Add safe server-side diagnostic logs to the login/authentication path so a Windows-built deployment that returns 用户名或密码不正确。 can be diagnosed without exposing passwords, password hashes, or database credentials.

What I Already Know

• The previous frontend rebuild task is solved and has been archived.
• On the Windows system build, login now reaches the invalid-credentials path: 用户名或密码不正确。
• The user believes the database connection is probably already working.
• Existing login flow is LoginServlet -> AuthServiceImpl -> JdbcUserDao.findActiveByUsername -> JdbcUtil.
• AuthServiceImpl currently logs only generic login failure/success/service-error messages.
• Existing backend specs require login failures to keep the same generic user-facing message and to log server-side details for unavailable services.

Requirements

• Add diagnostic logging around login POST handling, authentication lookup, password verification outcome, and database configuration/connection attempts.
• Logs must help distinguish:
  • request reached LoginServlet;
  • username normalization changed the submitted username;
  • active user row was not found;
  • user row was found but password verification failed;
  • database configuration was loaded and which JDBC URL/user key were used, with secrets redacted;
  • JDBC driver/connection failures if they happen.
• Do not log raw passwords, password hashes, salts, database passwords, or full sensitive config values.
• Preserve the current user-facing Chinese error message and login behavior.
• Keep the implementation in the existing Servlet + service + DAO + JDBC stack.
• Prefer java.util.logging patterns already used in the project.
• Document and seed explicit local/demo initial credentials so new deployments are not blocked by unrecoverable password hashes:
  • admin / admin123
  • librarian / librarian123
  • reader / reader123
• Make clear that these demo passwords are for local scaffold verification only and must be changed or removed before non-local/production use.

Acceptance Criteria

• Login failure logs identify whether the username was absent, not found, or found with password mismatch.
• Login request logs include safe request diagnostics such as remote address, context path, redirect presence, and submitted username length or sanitized username.
• Database logs confirm db.properties loading and JDBC connection attempts with password redacted.
• No log statement outputs a raw password, password hash, salt, or database password.
• Existing login success/failure behavior remains unchanged for users.
• mvn test or the closest available Maven verification command succeeds.
• README lists the local/demo initial login accounts and passwords with an explicit non-production warning.
• schema.sql seed user hashes verify against the documented demo passwords for new deployments.
• Existing deployments have a documented SQL reset path or warning explaining that INSERT IGNORE will not overwrite existing user rows.

Definition Of Done

• Diagnostic logging implemented in source.
• Maven verification run and results reported.
• No database schema changes.
• No unrelated frontend/layout changes.

Out Of Scope

• Changing password hashing rules or seed user credentials.
• Adding a new logging framework.
• Changing database schema or production credentials.
• Reworking the login UI.
• Committing generated build artifacts.

Technical Notes

• Likely impacted files:
  • src/main/java/com/mzh/library/controller/LoginServlet.java
  • src/main/java/com/mzh/library/service/impl/AuthServiceImpl.java
  • src/main/java/com/mzh/library/dao/impl/JdbcUserDao.java
  • src/main/java/com/mzh/library/util/JdbcUtil.java
• Relevant specs:
  • .trellis/spec/backend/logging-guidelines.md
  • .trellis/spec/backend/database-guidelines.md
  • .trellis/spec/backend/quality-guidelines.md
• Verification completed at 2026-04-28 18:22 +0800:
  • /home/sjy/.sdkman/candidates/maven/current/bin/mvn test passed with BUILD SUCCESS.
  • /home/sjy/.sdkman/candidates/maven/current/bin/mvn package passed with BUILD SUCCESS and produced target/library-management.war.
  • git diff --check passed.
  • Sensitive logger scan only found boolean password state fields, password=<redacted>, and password-mismatch category labels.
• Verification completed at 2026-04-28 18:33 +0800:
  • PasswordHasher.verify returned true for admin/admin123, librarian/librarian123, and reader/reader123 against the updated schema.sql PBKDF2 hashes.
  • /home/sjy/.sdkman/candidates/maven/current/bin/mvn verify passed with BUILD SUCCESS.
  • git diff --check passed.