From 42e025eb3f5f01965977fbf4e8db0dc4fcef4ee6 Mon Sep 17 00:00:00 2001
From: Roman Zabaluev <rzabaluev@provectus.com>
Date: Tue, 2 May 2023 16:51:21 +0800
Subject: [PATCH] Add some logging

---
 .../rbac/extractor/OauthAuthorityExtractor.java   | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/kafka-ui-api/src/main/java/com/provectus/kafka/ui/service/rbac/extractor/OauthAuthorityExtractor.java b/kafka-ui-api/src/main/java/com/provectus/kafka/ui/service/rbac/extractor/OauthAuthorityExtractor.java
index 2d4c01a0a2..57eb256edd 100644
--- a/kafka-ui-api/src/main/java/com/provectus/kafka/ui/service/rbac/extractor/OauthAuthorityExtractor.java
+++ b/kafka-ui-api/src/main/java/com/provectus/kafka/ui/service/rbac/extractor/OauthAuthorityExtractor.java
@@ -66,11 +66,18 @@ public class OauthAuthorityExtractor implements ProviderAuthorityExtractor {
             .stream()
             .filter(s -> s.getProvider().equals(Provider.OAUTH))
             .filter(s -> s.getType().equals("role"))
-            .anyMatch(subject
-                -> {
-              var principalRoles = convertRoles(principal.getAttribute(rolesFieldName));
+            .anyMatch(subject -> {
               var roleName = subject.getValue();
-              return principalRoles.contains(roleName);
+              var principalRoles = convertRoles(principal.getAttribute(rolesFieldName));
+              var roleMatched = principalRoles.contains(roleName);
+
+              if (roleMatched) {
+                log.debug("Assigning role [{}] to user [{}]", roleName, principal.getName());
+              } else {
+                log.trace("Role [{}] not found in user [{}] roles", roleName, principal.getName());
+              }
+
+              return roleMatched;
             })
         )
         .map(Role::getName)