From c6d89f6c83abe98bc6ea5c90adba518a11404b17 Mon Sep 17 00:00:00 2001
From: Denislav Prinov <denislav.prinov@bosch.com>
Date: Tue, 1 Apr 2025 10:02:26 +0300
Subject: [PATCH] Audit log wildcard * introduction to include all parameters
 by default

Signed-off-by: Denislav Prinov <denislav.prinov@bosch.com>
---
 .../org/eclipse/hawkbit/audit/AuditLog.java   |  2 +-
 .../hawkbit/audit/AuditLoggingAspect.java     | 22 ++++++++++++++-----
 2 files changed, 18 insertions(+), 6 deletions(-)

diff --git a/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/audit/AuditLog.java b/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/audit/AuditLog.java
index 2deb8929e..4807078df 100644
--- a/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/audit/AuditLog.java
+++ b/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/audit/AuditLog.java
@@ -34,7 +34,7 @@ public @interface AuditLog {
 
     String message() default "";
 
-    String[] logParams() default {};
+    String[] logParams() default {"*"};
 
     boolean logResponse() default false;
 }
\ No newline at end of file
diff --git a/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/audit/AuditLoggingAspect.java b/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/audit/AuditLoggingAspect.java
index 9d0206a2b..485863a76 100644
--- a/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/audit/AuditLoggingAspect.java
+++ b/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/audit/AuditLoggingAspect.java
@@ -30,8 +30,16 @@ import org.springframework.stereotype.Component;
 public class AuditLoggingAspect {
 
     /**
-     * Around advice that applies to methods annotated with @AuditLog.
-     * It logs the request and, if logResponse is true, the response as well.
+     * Provides around advice for methods annotated with {@code @AuditLog}.
+     * <p>
+     * By default, all method parameters are logged. To restrict logging to specific parameters,
+     * specify them via the {@code logParams} attribute (e.g., {@code  = {"param1", "param2"}}).
+     * To disable parameter logging, use an empty array (i.e., {@code logParams = {}}).
+     * </p>
+     * <p>
+     * This advice logs the request details and, if {@code logResponse} is set to {@code true},
+     * logs the method response as well.
+     * </p>
      */
     @Around("@annotation(auditLog)")
     public Object handleAuditLogging(final ProceedingJoinPoint joinPoint, final AuditLog auditLog) throws Throwable {
@@ -86,9 +94,9 @@ public class AuditLoggingAspect {
 
     private String getParamsToLog(final JoinPoint joinPoint, final AuditLog auditLog) {
         final Object[] args = joinPoint.getArgs();
-        final String[] includeParams = auditLog.logParams();
+        final String[] logParams = auditLog.logParams();
 
-        if (includeParams.length == 0) {
+        if (isLogAll(logParams)) {
             return Arrays.deepToString(args);
         } else {
             final MethodSignature methodSignature = (MethodSignature) joinPoint.getSignature();
@@ -97,7 +105,7 @@ public class AuditLoggingAspect {
                     .boxed()
                     .collect(Collectors.toMap(i -> paramNames[i], i -> args[i]));
 
-            return Arrays.stream(includeParams)
+            return Arrays.stream(logParams)
                     .filter(paramMap::containsKey)
                     .map(name -> name + "=" + paramMap.get(name))
                     .collect(Collectors.joining(", "));
@@ -130,6 +138,10 @@ public class AuditLoggingAspect {
         return resultMessageBuilder.build();
     }
 
+    private boolean isLogAll(String [] logParams) {
+        return Arrays.asList(logParams).contains("*");
+    }
+
     @Builder
     private record ResultMessage(String message, AuditLog.Level level) {}
 }
\ No newline at end of file