logging refactoring - level debug

server/src/main/java/password/pwm/PwmApplication.java

@@ -271,18 +271,18 @@ public class PwmApplication
         this.localDBLogger = PwmLogManager.initializeLocalDBLogger( this );
 
         // log the loaded configuration
-        LOGGER.debug( "configuration load completed" );
+        LOGGER.debug( () -> "configuration load completed" );
 
         // read the pwm servlet instance id
         instanceID = fetchInstanceID( localDB, this );
-        LOGGER.debug( "using '" + getInstanceID() + "' for instance's ID (instanceID)" );
+        LOGGER.debug( () -> "using '" + getInstanceID() + "' for instance's ID (instanceID)" );
 
         // read the pwm installation date
         installTime = fetchInstallDate( startupTime );
-        LOGGER.debug( "this application instance first installed on " + JavaHelper.toIsoDate( installTime ) );
+        LOGGER.debug( () -> "this application instance first installed on " + JavaHelper.toIsoDate( installTime ) );
 
-        LOGGER.debug( "application environment flags: " + JsonUtil.serializeCollection( pwmEnvironment.getFlags() ) );
-        LOGGER.debug( "application environment parameters: " + JsonUtil.serializeMap( pwmEnvironment.getParameters() ) );
+        LOGGER.debug( () -> "application environment flags: " + JsonUtil.serializeCollection( pwmEnvironment.getFlags() ) );
+        LOGGER.debug( () -> "application environment parameters: " + JsonUtil.serializeMap( pwmEnvironment.getParameters() ) );
 
         applicationExecutorService = JavaHelper.makeSingleThreadExecutorService( this, this.getClass() );
 
@@ -296,7 +296,7 @@ public class PwmApplication
             final TimeDuration totalTime = TimeDuration.fromCurrent( startTime );
             LOGGER.info( PwmConstants.PWM_APP_NAME + " " + PwmConstants.SERVLET_VERSION + " open for bidness! (" + totalTime.asCompactString() + ")" );
             StatisticsManager.incrementStat( this, Statistic.PWM_STARTUPS );
-            LOGGER.debug( "buildTime=" + PwmConstants.BUILD_TIME + ", javaLocale=" + Locale.getDefault() + ", DefaultLocale=" + PwmConstants.DEFAULT_LOCALE );
+            LOGGER.debug( () -> "buildTime=" + PwmConstants.BUILD_TIME + ", javaLocale=" + Locale.getDefault() + ", DefaultLocale=" + PwmConstants.DEFAULT_LOCALE );
 
             applicationExecutorService.execute( () -> postInitTasks() );
         }
@@ -331,7 +331,7 @@ public class PwmApplication
         }
         catch ( Exception e )
         {
-            LOGGER.debug( "unable to detect if configuration has been modified since previous startup: " + e.getMessage() );
+            LOGGER.debug( () -> "unable to detect if configuration has been modified since previous startup: " + e.getMessage() );
         }
 
         if ( this.getConfig() != null )
@@ -393,7 +393,7 @@ public class PwmApplication
             }
             catch ( Exception e )
             {
-                LOGGER.debug( "error while generating keystore output: " + e.getMessage() );
+                LOGGER.debug( () -> "error while generating keystore output: " + e.getMessage() );
             }
 
             try
@@ -402,7 +402,7 @@ public class PwmApplication
             }
             catch ( Exception e )
             {
-                LOGGER.debug( "error while generating tomcat conf output: " + e.getMessage() );
+                LOGGER.debug( () -> "error while generating tomcat conf output: " + e.getMessage() );
             }
         }
 
@@ -414,7 +414,7 @@ public class PwmApplication
         }
         catch ( Exception e )
         {
-            LOGGER.debug( "error initializing UserAgentUtils: " + e.getMessage() );
+            LOGGER.debug( () -> "error initializing UserAgentUtils: " + e.getMessage() );
         }
 
         LOGGER.trace( () -> "completed post init tasks in " + TimeDuration.fromCurrent( startTime ).asCompactString() );
@@ -876,7 +876,7 @@ public class PwmApplication
                 throw new PwmUnrecoverableException( pwmApplication.lastLocalDBFailure );
             }
 
-            LOGGER.debug( "using localDB path " + databaseDirectory );
+            LOGGER.debug( () -> "using localDB path " + databaseDirectory );
 
             // initialize the localDB
             try
@@ -983,11 +983,11 @@ public class PwmApplication
             LOGGER.trace( () -> "preparing to create temporary directory " + tempDirectory.getAbsolutePath() );
             if ( tempDirectory.mkdir() )
             {
-                LOGGER.debug( "created " + tempDirectory.getAbsolutePath() );
+                LOGGER.debug( () -> "created " + tempDirectory.getAbsolutePath() );
             }
             else
             {
-                LOGGER.debug( "unable to create temporary directory " + tempDirectory.getAbsolutePath() );
+                LOGGER.debug( () -> "unable to create temporary directory " + tempDirectory.getAbsolutePath() );
                 final ErrorInformation errorInformation = new ErrorInformation(
                         PwmError.ERROR_STARTUP_ERROR,
                         "unable to establish create temp work directory " + tempDirectory.getAbsolutePath()
@@ -1090,7 +1090,7 @@ public class PwmApplication
                 }
                 else
                 {
-                    LOGGER.trace( "skipping scheduled job " + runnable + " on shutdown executor + " + executor );
+                    LOGGER.trace( () -> "skipping scheduled job " + runnable + " on shutdown executor + " + executor );
                 }
             }
             catch ( Throwable t )

server/src/main/java/password/pwm/PwmEnvironment.java

@@ -572,7 +572,7 @@ public class PwmEnvironment
 
             if ( !isFileLocked() )
             {
-                LOGGER.debug( "can't establish application file lock after "
+                LOGGER.debug( () -> "can't establish application file lock after "
                         + TimeDuration.fromCurrent( startTime ).asCompactString()
                         + ", will retry;" );
                 attemptInterval.pause();
@@ -619,12 +619,12 @@ public class PwmEnvironment
                     lock = f.tryLock();
                     if ( lock != null )
                     {
-                        LOGGER.debug( "obtained file lock on file " + lockfile.getAbsolutePath() + " lock is valid=" + lock.isValid() );
+                        LOGGER.debug( () -> "obtained file lock on file " + lockfile.getAbsolutePath() + " lock is valid=" + lock.isValid() );
                         writeLockFileContents( file );
                     }
                     else
                     {
-                        LOGGER.debug( "unable to obtain file lock on file " + lockfile.getAbsolutePath() );
+                        LOGGER.debug( () -> "unable to obtain file lock on file " + lockfile.getAbsolutePath() );
                     }
                 }
                 catch ( Exception e )
@@ -667,7 +667,7 @@ public class PwmEnvironment
                     LOGGER.error( "error releasing file lock: " + e.getMessage() );
                 }
 
-                LOGGER.debug( "released file lock on file " + lockfile.getAbsolutePath() );
+                LOGGER.debug( () -> "released file lock on file " + lockfile.getAbsolutePath() );
             }
         }
     }

server/src/main/java/password/pwm/config/stored/ConfigurationReader.java

@@ -91,7 +91,7 @@ public class ConfigurationReader
             this.storedConfiguration = StoredConfigurationImpl.newStoredConfiguration();
         }
 
-        LOGGER.debug( "configuration mode: " + configMode );
+        LOGGER.debug( () -> "configuration mode: " + configMode );
     }
 
     public PwmApplicationMode getConfigMode( )
@@ -122,7 +122,7 @@ public class ConfigurationReader
 
     private StoredConfigurationImpl readStoredConfig( ) throws PwmUnrecoverableException
     {
-        LOGGER.debug( "loading configuration file: " + configFile );
+        LOGGER.debug( () -> "loading configuration file: " + configFile );
 
         configurationReadTime = new Date();
 
@@ -193,7 +193,7 @@ public class ConfigurationReader
 
         final String fileSize = StringUtil.formatDiskSize( configFile.length() );
         final TimeDuration timeDuration = TimeDuration.fromCurrent( startTime );
-        LOGGER.debug( "configuration reading/parsing of " + fileSize + " complete in " + timeDuration.asLongString() );
+        LOGGER.debug( () -> "configuration reading/parsing of " + fileSize + " complete in " + timeDuration.asLongString() );
 
         return storedConfiguration;
     }

server/src/main/java/password/pwm/config/stored/NGStoredConfigurationFactory.java

@@ -144,7 +144,7 @@ public class NGStoredConfigurationFactory
 
             if ( pwmSetting == null )
             {
-                LOGGER.debug( "ignoring setting for unknown key: " + key );
+                LOGGER.debug( () -> "ignoring setting for unknown key: " + key );
             }
             else
             {

server/src/main/java/password/pwm/config/stored/StoredConfigurationImpl.java

@@ -147,7 +147,7 @@ public class StoredConfigurationImpl implements StoredConfiguration
         }
 
         checkIfXmlRequiresUpdate( newConfiguration );
-        LOGGER.debug( "successfully loaded configuration (" + TimeDuration.compactFromCurrent( startTime ) + ")" );
+        LOGGER.debug( () -> "successfully loaded configuration (" + TimeDuration.compactFromCurrent( startTime ) + ")" );
         return newConfiguration;
     }
 
@@ -1854,7 +1854,7 @@ public class StoredConfigurationImpl implements StoredConfiguration
                 null
         );
 
-        LOGGER.debug( "initialized new random security key" );
+        LOGGER.debug( () -> "initialized new random security key" );
     }
 
 

server/src/main/java/password/pwm/config/value/ActionValue.java

@@ -377,7 +377,7 @@ public class ActionValue extends AbstractValue implements StoredValue
             }
             catch ( NumberFormatException e )
             {
-                LOGGER.debug( "unable to parse syntax version for setting " + e.getMessage() );
+                LOGGER.debug( () -> "unable to parse syntax version for setting " + e.getMessage() );
             }
         }
         return 0;

server/src/main/java/password/pwm/config/value/ChallengeValue.java

@@ -212,7 +212,7 @@ public class ChallengeValue extends AbstractValue implements StoredValue
             }
             catch ( Exception e )
             {
-                LOGGER.debug( "unexpected error parsing config input '" + inputString + "' " + e.getMessage() );
+                LOGGER.debug( () -> "unexpected error parsing config input '" + inputString + "' " + e.getMessage() );
             }
         }
         if ( s1.length > 2 )
@@ -223,7 +223,7 @@ public class ChallengeValue extends AbstractValue implements StoredValue
             }
             catch ( Exception e )
             {
-                LOGGER.debug( "unexpected error parsing config input '" + inputString + "' " + e.getMessage() );
+                LOGGER.debug( () -> "unexpected error parsing config input '" + inputString + "' " + e.getMessage() );
             }
         }
 

server/src/main/java/password/pwm/health/ApplianceStatusChecker.java

@@ -98,11 +98,11 @@ public class ApplianceStatusChecker implements HealthChecker
         final PwmHttpClientRequest pwmHttpClientRequest = new PwmHttpClientRequest( HttpMethod.GET, url, null, requestHeaders );
         final PwmHttpClientResponse response = pwmHttpClient.makeRequest( pwmHttpClientRequest );
 
-        LOGGER.trace( SessionLabel.HEALTH_SESSION_LABEL, "https response from appliance server request: " + response.getBody() );
+        LOGGER.trace( SessionLabel.HEALTH_SESSION_LABEL, () -> "https response from appliance server request: " + response.getBody() );
 
         final String jsonString = response.getBody();
 
-        LOGGER.debug( "response from /sspr/appliance-update-status: " + jsonString );
+        LOGGER.debug( () -> "response from /sspr/appliance-update-status: " + jsonString );
 
         final UpdateStatus updateStatus = JsonUtil.deserialize( jsonString, UpdateStatus.class );
 
@@ -156,7 +156,7 @@ public class ApplianceStatusChecker implements HealthChecker
         final String port = pwmApplication.getPwmEnvironment().getParameters().get( PwmEnvironment.ApplicationParameter.AppliancePort );
 
         final String url = "https://" + hostname + ":" + port + "/sspr/appliance-update-status";
-        LOGGER.trace( SessionLabel.HEALTH_SESSION_LABEL, "calculated appliance host url as: " + url );
+        LOGGER.trace( SessionLabel.HEALTH_SESSION_LABEL, () -> "calculated appliance host url as: " + url );
         return url;
     }
 

server/src/main/java/password/pwm/health/HealthMonitor.java

@@ -144,7 +144,7 @@ public class HealthMonitor implements PwmService
 
         if ( !Boolean.parseBoolean( pwmApplication.getConfig().readAppProperty( AppProperty.HEALTHCHECK_ENABLED ) ) )
         {
-            LOGGER.debug( "health monitor will remain inactive due to AppProperty " + AppProperty.HEALTHCHECK_ENABLED.getKey() );
+            LOGGER.debug( () -> "health monitor will remain inactive due to AppProperty " + AppProperty.HEALTHCHECK_ENABLED.getKey() );
             status = STATUS.CLOSED;
             return;
         }

server/src/main/java/password/pwm/health/LDAPStatusChecker.java

@@ -179,7 +179,7 @@ public class LDAPStatusChecker implements HealthChecker
         catch ( PwmUnrecoverableException e )
         {
             final String msgString = e.getMessage();
-            LOGGER.trace( SessionLabel.HEALTH_SESSION_LABEL, "unexpected error while testing test user (during object creation): message="
+            LOGGER.trace( SessionLabel.HEALTH_SESSION_LABEL, () -> "unexpected error while testing test user (during object creation): message="
                     + msgString + " debug info: " + JavaHelper.readHostileExceptionMessage( e ) );
             returnRecords.add( HealthRecord.forMessage( HealthMessage.LDAP_TestUserUnexpected,
                     PwmSetting.LDAP_TEST_USER_DN.toMenuLocationDebug( ldapProfile.getIdentifier(), PwmConstants.DEFAULT_LOCALE ),
@@ -230,7 +230,7 @@ public class LDAPStatusChecker implements HealthChecker
                 final String msgString = e.getMessage();
                 LOGGER.trace(
                         SessionLabel.HEALTH_SESSION_LABEL,
-                        "unexpected error while testing test user (during object creation): message="
+                        () -> "unexpected error while testing test user (during object creation): message="
                                 + msgString + " debug info: " + JavaHelper.readHostileExceptionMessage( e )
                 );
                 returnRecords.add( HealthRecord.forMessage( HealthMessage.LDAP_TestUserUnexpected,
@@ -255,7 +255,7 @@ public class LDAPStatusChecker implements HealthChecker
 
             LOGGER.trace(
                     SessionLabel.HEALTH_SESSION_LABEL,
-                    "beginning process to check ldap test user password read/write operations for profile "
+                    () -> "beginning process to check ldap test user password read/write operations for profile "
                             + ldapProfile.getIdentifier()
             );
             try
@@ -271,7 +271,7 @@ public class LDAPStatusChecker implements HealthChecker
                     }
                     catch ( Exception e )
                     {
-                        LOGGER.debug( SessionLabel.HEALTH_SESSION_LABEL, "error reading user password from directory " + e.getMessage() );
+                        LOGGER.debug( SessionLabel.HEALTH_SESSION_LABEL, () -> "error reading user password from directory " + e.getMessage() );
                         returnRecords.add( HealthRecord.forMessage( HealthMessage.LDAP_TestUserReadPwError,
                                 PwmSetting.EDIRECTORY_READ_USER_PWD.toMenuLocationDebug( null, PwmConstants.DEFAULT_LOCALE ),
                                 PwmSetting.LDAP_TEST_USER_DN.toMenuLocationDebug( ldapProfile.getIdentifier(), PwmConstants.DEFAULT_LOCALE ),
@@ -321,7 +321,7 @@ public class LDAPStatusChecker implements HealthChecker
                             );
                             if ( withinMinLifetime )
                             {
-                                LOGGER.trace( SessionLabel.HEALTH_SESSION_LABEL, "skipping test user password set due to password being within minimum lifetime" );
+                                LOGGER.trace( SessionLabel.HEALTH_SESSION_LABEL, () -> "skipping test user password set due to password being within minimum lifetime" );
                                 doPasswordChange = false;
                             }
                         }
@@ -332,7 +332,7 @@ public class LDAPStatusChecker implements HealthChecker
                         try
                         {
                             theUser.setPassword( newPassword.getStringValue() );
-                            LOGGER.debug( SessionLabel.HEALTH_SESSION_LABEL, "set random password on test user " + userIdentity.toDisplayString() );
+                            LOGGER.debug( SessionLabel.HEALTH_SESSION_LABEL, () -> "set random password on test user " + userIdentity.toDisplayString() );
                         }
                         catch ( ChaiException e )
                         {
@@ -668,7 +668,7 @@ public class LDAPStatusChecker implements HealthChecker
             return ( List<HealthRecord> ) healthProperties.get( HealthMonitor.HealthMonitorFlag.LdapVendorSameCheck );
         }
 
-        LOGGER.trace( SessionLabel.HEALTH_SESSION_LABEL, "beginning check for replica vendor sameness" );
+        LOGGER.trace( SessionLabel.HEALTH_SESSION_LABEL, () -> "beginning check for replica vendor sameness" );
         boolean errorReachingServer = false;
         final Map<String, DirectoryVendor> replicaVendorMap = new HashMap<>();
 
@@ -748,7 +748,8 @@ public class LDAPStatusChecker implements HealthChecker
             }
         }
 
-        LOGGER.trace( SessionLabel.HEALTH_SESSION_LABEL, "beginning check for ad api password policy (asn " + PwmConstants.LDAP_AD_PASSWORD_POLICY_CONTROL_ASN + ") support" );
+        LOGGER.trace( SessionLabel.HEALTH_SESSION_LABEL, () -> "beginning check for ad api password policy (asn "
+                + PwmConstants.LDAP_AD_PASSWORD_POLICY_CONTROL_ASN + ") support" );
         boolean errorReachingServer = false;
         final ArrayList<HealthRecord> healthRecords = new ArrayList<>();
 

server/src/main/java/password/pwm/http/ContextManager.java

@@ -229,7 +229,11 @@ public class ContextManager implements Serializable
         {
             handleStartupError( "unable to initialize application due to configuration related error: ", e );
         }
-        LOGGER.debug( "configuration file was loaded from " + ( configurationFile == null ? "null" : configurationFile.getAbsoluteFile() ) );
+
+        {
+            final String filename = configurationFile == null ? "null" : configurationFile.getAbsoluteFile().getAbsolutePath();
+            LOGGER.debug( () -> "configuration file was loaded from " + ( filename ) );
+        }
 
         final Collection<PwmEnvironment.ApplicationFlag> applicationFlags = parameterReader.readApplicationFlags();
         final Map<PwmEnvironment.ApplicationParameter, String> applicationParams = parameterReader.readApplicationParams();
@@ -366,7 +370,7 @@ public class ContextManager implements Serializable
 
     public void requestPwmApplicationRestart( )
     {
-        LOGGER.debug( "immediate restart requested" );
+        LOGGER.debug( () -> "immediate restart requested" );
         taskMaster.schedule( new RestartFlagWatcher(), 0, TimeUnit.MILLISECONDS );
     }
 

server/src/main/java/password/pwm/http/HttpEventManager.java

@@ -92,7 +92,7 @@ public class HttpEventManager implements
                 {
                     pwmApplication.getSessionTrackService().removeSessionData( pwmSession );
                 }
-                LOGGER.trace( pwmSession, "destroyed session" );
+                LOGGER.trace( pwmSession, () -> "destroyed session" );
             }
             else
             {
@@ -154,7 +154,7 @@ public class HttpEventManager implements
         try
         {
             final PwmSession pwmSession = PwmSessionWrapper.readPwmSession( event.getSession() );
-            LOGGER.trace( pwmSession.getLabel(), "passivating session" );
+            LOGGER.trace( pwmSession.getLabel(), () -> "passivating session" );
         }
         catch ( PwmUnrecoverableException e )
         {
@@ -168,7 +168,7 @@ public class HttpEventManager implements
         {
             final HttpSession httpSession = event.getSession();
             final PwmSession pwmSession = PwmSessionWrapper.readPwmSession( httpSession );
-            LOGGER.trace( pwmSession.getLabel(), "activating (de-passivating) session" );
+            LOGGER.trace( pwmSession.getLabel(), () -> "activating (de-passivating) session" );
             final PwmApplication pwmApplication = ContextManager.getPwmApplication( httpSession.getServletContext() );
             if ( pwmApplication != null )
             {

server/src/main/java/password/pwm/http/PwmRequest.java

@@ -47,6 +47,7 @@ import password.pwm.http.servlet.command.CommandServlet;
 import password.pwm.ldap.UserInfo;
 import password.pwm.util.Validator;
 import password.pwm.util.java.StringUtil;
+import password.pwm.util.logging.PwmLogLevel;
 import password.pwm.util.logging.PwmLogger;
 import password.pwm.util.secure.PwmSecurityKey;
 import password.pwm.ws.server.RestResultBean;
@@ -353,7 +354,7 @@ public class PwmRequest extends PwmHttpRequestWrapper
         redirectURL.append( "&" );
         redirectURL.append( PwmConstants.PARAM_TOKEN ).append( "=" ).append( tokenValue );
 
-        LOGGER.debug( pwmSession, "detected long servlet url, redirecting user to " + redirectURL );
+        LOGGER.debug( pwmSession, () -> "detected long servlet url, redirecting user to " + redirectURL );
         sendRedirect( redirectURL.toString() );
         return true;
     }
@@ -380,7 +381,11 @@ public class PwmRequest extends PwmHttpRequestWrapper
     public void debugHttpRequestToLog( final String extraText )
             throws PwmUnrecoverableException
     {
-        LOGGER.trace( this.getSessionLabel(), debugHttpRequestToString( extraText, false ) );
+        if ( LOGGER.isEnabled( PwmLogLevel.TRACE ) )
+        {
+            final String debugTxt = debugHttpRequestToString( extraText, false );
+            LOGGER.trace( this.getSessionLabel(), () -> debugTxt );
+        }
     }
 
     public boolean isAuthenticated( )

server/src/main/java/password/pwm/http/PwmResponse.java

@@ -109,7 +109,7 @@ public class PwmResponse extends PwmHttpResponseWrapper
         final String url = jspURL.getPath();
         try
         {
-            LOGGER.trace( pwmRequest.getSessionLabel(), "forwarding to " + url );
+            LOGGER.trace( pwmRequest, () -> "forwarding to " + url );
         }
         catch ( Exception e )
         {
@@ -139,7 +139,7 @@ public class PwmResponse extends PwmHttpResponseWrapper
 
         if ( showMessage )
         {
-            LOGGER.trace( pwmSession, "skipping success page due to configuration setting." );
+            LOGGER.trace( pwmSession, () -> "skipping success page due to configuration setting" );
             final String redirectUrl = pwmRequest.getContextPath()
                     + PwmServletDefinition.PublicCommand.servletUrl()
                     + "?processAction=next";
@@ -169,13 +169,13 @@ public class PwmResponse extends PwmHttpResponseWrapper
 
         if ( JavaHelper.enumArrayContainsValue( flags, Flag.ForceLogout ) )
         {
-            LOGGER.debug( pwmRequest, "forcing logout due to error " + errorInformation.toDebugStr() );
+            LOGGER.debug( pwmRequest, () -> "forcing logout due to error " + errorInformation.toDebugStr() );
             pwmRequest.getPwmSession().unauthenticateUser( pwmRequest );
         }
 
         if ( getResponseFlags().contains( PwmResponseFlag.ERROR_RESPONSE_SENT ) )
         {
-            LOGGER.debug( pwmRequest, "response error has been previously set, disregarding new error: " + errorInformation.toDebugStr() );
+            LOGGER.debug( pwmRequest, () -> "response error has been previously set, disregarding new error: " + errorInformation.toDebugStr() );
             return;
         }
 
@@ -265,7 +265,7 @@ public class PwmResponse extends PwmHttpResponseWrapper
 
         // http "other" redirect
         resp.setHeader( HttpHeader.Location.getHttpName(), url );
-        LOGGER.trace( pwmRequest, "sending " + redirectType.getCode() + " redirect to " + url );
+        LOGGER.trace( pwmRequest, () -> "sending " + redirectType.getCode() + " redirect to " + url );
     }
 
     private void preCommitActions( )

server/src/main/java/password/pwm/http/PwmSession.java

@@ -107,7 +107,7 @@ public class PwmSession implements Serializable
             }
             catch ( NumberFormatException e )
             {
-                LOGGER.debug( this, "error generating sessionID: " + e.getMessage(), e );
+                LOGGER.debug( this, () -> "error generating sessionID: " + e.getMessage(), e );
             }
             this.getSessionStateBean().setSessionID( nextID );
         }
@@ -121,7 +121,7 @@ public class PwmSession implements Serializable
 
         pwmApplication.getSessionTrackService().addSessionData( this );
 
-        LOGGER.trace( this, "created new session" );
+        LOGGER.trace( this, () -> "created new session" );
     }
 
 
@@ -159,7 +159,7 @@ public class PwmSession implements Serializable
 
     public void reloadUserInfoBean( final PwmApplication pwmApplication ) throws PwmUnrecoverableException
     {
-        LOGGER.trace( this, "performing reloadUserInfoBean" );
+        LOGGER.trace( this, () -> "performing reloadUserInfoBean" );
         final UserInfo oldUserInfoBean = getUserInfo();
 
         final UserInfo userInfo;
@@ -262,7 +262,7 @@ public class PwmSession implements Serializable
             // close out any outstanding connections
             getSessionManager().closeConnections();
 
-            LOGGER.debug( this, sb.toString() );
+            LOGGER.debug( this, () -> sb.toString() );
         }
 
         if ( pwmRequest != null )
@@ -338,7 +338,7 @@ public class PwmSession implements Serializable
         final Locale requestedLocale = LocaleHelper.parseLocaleString( localeString );
         if ( knownLocales.contains( requestedLocale ) || "default".equalsIgnoreCase( localeString ) )
         {
-            LOGGER.debug( this, "setting session locale to '" + localeString + "'" );
+            LOGGER.debug( this, () -> "setting session locale to '" + localeString + "'" );
             ssBean.setLocale( "default".equalsIgnoreCase( localeString )
                     ? PwmConstants.DEFAULT_LOCALE
                     : requestedLocale );

server/src/main/java/password/pwm/http/PwmSessionWrapper.java

@@ -87,7 +87,7 @@ public class PwmSessionWrapper
         if ( httpSession.getMaxInactiveInterval() != result.getIdleTimeout().as( TimeDuration.Unit.SECONDS ) )
         {
             httpSession.setMaxInactiveInterval( ( int ) result.getIdleTimeout().as( TimeDuration.Unit.SECONDS ) );
-            LOGGER.trace( pwmSession, "setting java servlet session timeout to " + result.getIdleTimeout().asCompactString()
+            LOGGER.trace( pwmSession, () -> "setting java servlet session timeout to " + result.getIdleTimeout().asCompactString()
                     + " due to " + result.getReason() );
         }
     }

server/src/main/java/password/pwm/http/PwmURL.java

@@ -441,16 +441,16 @@ public class PwmURL
             {
                 try
                 {
-                    final String strPattern = loopFragment.substring( regexPrefix.length(), loopFragment.length() );
+                    final String strPattern = loopFragment.substring( regexPrefix.length() );
                     final Pattern pattern = Pattern.compile( strPattern );
                     if ( pattern.matcher( testURI ).matches() )
                     {
-                        LOGGER.debug( sessionLabel, "positive URL match for regex pattern: " + strPattern );
+                        LOGGER.debug( sessionLabel, () -> "positive URL match for regex pattern: " + strPattern );
                         return true;
                     }
                     else
                     {
-                        LOGGER.trace( sessionLabel, "negative URL match for regex pattern: " + strPattern );
+                        LOGGER.trace( sessionLabel, () -> "negative URL match for regex pattern: " + strPattern );
                     }
                 }
                 catch ( Exception e )
@@ -463,12 +463,12 @@ public class PwmURL
             {
                 if ( testURI.startsWith( loopFragment ) )
                 {
-                    LOGGER.debug( sessionLabel, "positive URL match for pattern: " + loopFragment );
+                    LOGGER.debug( sessionLabel, () -> "positive URL match for pattern: " + loopFragment );
                     return true;
                 }
                 else
                 {
-                    LOGGER.trace( sessionLabel, "negative URL match for pattern: " + loopFragment );
+                    LOGGER.trace( sessionLabel, () -> "negative URL match for pattern: " + loopFragment );
                 }
             }
         }

server/src/main/java/password/pwm/http/SessionManager.java

@@ -118,13 +118,13 @@ public class SessionManager
         {
             try
             {
-                LOGGER.debug( pwmSession.getLabel(), "closing user ldap connection" );
+                LOGGER.debug( pwmSession, () -> "closing user ldap connection" );
                 chaiProvider.close();
                 chaiProvider = null;
             }
             catch ( Exception e )
             {
-                LOGGER.error( pwmSession.getLabel(), "error while closing user connection: " + e.getMessage() );
+                LOGGER.error( pwmSession, "error while closing user connection: " + e.getMessage() );
             }
         }
     }
@@ -183,7 +183,7 @@ public class SessionManager
             this.pwmSession.getLoginInfoBean().setReqCounter(
                     this.pwmSession.getLoginInfoBean().getReqCounter() + 1 );
 
-            LOGGER.trace( pwmSession.getLabel(), "incremented request counter to " + this.pwmSession.getLoginInfoBean().getReqCounter() );
+            LOGGER.trace( pwmSession, () -> "incremented request counter to " + this.pwmSession.getLoginInfoBean().getReqCounter() );
         }
     }
 
@@ -193,14 +193,14 @@ public class SessionManager
         final boolean devDebugMode = pwmApplication.getConfig().isDevDebugMode();
         if ( devDebugMode )
         {
-            LOGGER.trace( pwmSession.getLabel(), String.format( "entering checkPermission(%s, %s, %s)", permission, pwmSession, pwmApplication ) );
+            LOGGER.trace( pwmSession, () -> String.format( "entering checkPermission(%s, %s, %s)", permission, pwmSession, pwmApplication ) );
         }
 
         if ( !pwmSession.isAuthenticated() )
         {
             if ( devDebugMode )
             {
-                LOGGER.trace( pwmSession.getLabel(), "user is not authenticated, returning false for permission check" );
+                LOGGER.trace( pwmSession, () -> "user is not authenticated, returning false for permission check" );
             }
             return false;
         }
@@ -210,8 +210,8 @@ public class SessionManager
         {
             if ( devDebugMode )
             {
-                LOGGER.debug( pwmSession.getLabel(),
-                        String.format( "checking permission %s for user %s", permission.toString(), pwmSession.getUserInfo().getUserIdentity().toDelimitedKey() ) );
+                LOGGER.debug( pwmSession,
+                        () -> String.format( "checking permission %s for user %s", permission.toString(), pwmSession.getUserInfo().getUserIdentity().toDelimitedKey() ) );
             }
 
             final PwmSetting setting = permission.getPwmSetting();
@@ -220,13 +220,16 @@ public class SessionManager
             status = result ? Permission.PermissionStatus.GRANTED : Permission.PermissionStatus.DENIED;
             pwmSession.getUserSessionDataCacheBean().setPermission( permission, status );
 
-            LOGGER.debug( pwmSession.getLabel(),
-                    String.format( "permission %s for user %s is %s",
-                            permission.toString(),
-                            pwmSession.isAuthenticated()
-                                    ? pwmSession.getUserInfo().getUserIdentity().toDelimitedKey()
-                                    : "[unauthenticated]",
-                            status.toString() ) );
+            {
+                final Permission.PermissionStatus finalStatus = status;
+                LOGGER.debug( pwmSession,
+                        () -> String.format( "permission %s for user %s is %s",
+                                permission.toString(),
+                                pwmSession.isAuthenticated()
+                                        ? pwmSession.getUserInfo().getUserIdentity().toDelimitedKey()
+                                        : "[unauthenticated]",
+                                finalStatus.toString() ) );
+            }
         }
         return status == Permission.PermissionStatus.GRANTED;
     }

server/src/main/java/password/pwm/http/client/PwmHttpClient.java

@@ -281,7 +281,7 @@ public class PwmHttpClient
         final Instant startTime = Instant.now();
         final int counter = REQUEST_COUNTER.getAndIncrement();
 
-        LOGGER.trace( sessionLabel, "preparing to send (id=" + counter + ") "
+        LOGGER.trace( sessionLabel, () -> "preparing to send (id=" + counter + ") "
                 + clientRequest.toDebugString( this ) );
 
         final HttpResponse httpResponse = executeRequest( clientRequest );
@@ -303,7 +303,7 @@ public class PwmHttpClient
         );
 
         final TimeDuration duration = TimeDuration.fromCurrent( startTime );
-        LOGGER.trace( sessionLabel, "received response (id=" + counter + ") in "
+        LOGGER.trace( sessionLabel, () -> "received response (id=" + counter + ") in "
                 + duration.asCompactString() + ": "
                 + httpClientResponse.toDebugString( this ) );
         return httpClientResponse;

server/src/main/java/password/pwm/http/filter/AbstractPwmFilter.java

@@ -104,7 +104,7 @@ public abstract class AbstractPwmFilter implements Filter
             }
             catch ( IOException e )
             {
-                LOGGER.debug( pwmRequest, "i/o error processing request: " + e.getMessage() );
+                LOGGER.debug( pwmRequest, () -> "i/o error processing request: " + e.getMessage() );
             }
 
         }

server/src/main/java/password/pwm/http/filter/ApplicationModeFilter.java

@@ -113,7 +113,7 @@ public class ApplicationModeFilter extends AbstractPwmFilter
             }
             else
             {
-                LOGGER.debug( "unable to find a valid configuration, redirecting " + pwmURL + " to ConfigGuide" );
+                LOGGER.debug( () -> "unable to find a valid configuration, redirecting " + pwmURL + " to ConfigGuide" );
                 pwmRequest.sendRedirect( PwmServletDefinition.ConfigGuide );
                 return ProcessStatus.Halt;
             }

server/src/main/java/password/pwm/http/filter/AuthenticationFilter.java

@@ -221,14 +221,14 @@ public class AuthenticationFilter extends AbstractPwmFilter
         final String cookieName = pwmRequest.getConfig().readAppProperty( AppProperty.HTTP_COOKIE_AUTHRECORD_NAME );
         if ( cookieName == null || cookieName.isEmpty() )
         {
-            LOGGER.debug( pwmRequest, "skipping auth record cookie set, cookie name parameter is blank" );
+            LOGGER.debug( pwmRequest, () -> "skipping auth record cookie set, cookie name parameter is blank" );
             return;
         }
 
         final int cookieAgeSeconds = Integer.parseInt( pwmRequest.getConfig().readAppProperty( AppProperty.HTTP_COOKIE_AUTHRECORD_AGE ) );
         if ( cookieAgeSeconds < 1 )
         {
-            LOGGER.debug( pwmRequest, "skipping auth record cookie set, cookie age parameter is less than 1" );
+            LOGGER.debug( pwmRequest, () -> "skipping auth record cookie set, cookie age parameter is less than 1" );
             return;
         }
 
@@ -239,7 +239,7 @@ public class AuthenticationFilter extends AbstractPwmFilter
         try
         {
             pwmRequest.getPwmResponse().writeEncryptedCookie( cookieName, authRecord, cookieAgeSeconds, PwmHttpResponseWrapper.CookiePath.Application );
-            LOGGER.debug( pwmRequest, "wrote auth record cookie to user browser for use during forgotten password" );
+            LOGGER.debug( pwmRequest, () -> "wrote auth record cookie to user browser for use during forgotten password" );
         }
         catch ( PwmUnrecoverableException e )
         {
@@ -294,7 +294,7 @@ public class AuthenticationFilter extends AbstractPwmFilter
         if ( pwmRequest.isAuthenticated() )
         {
             // redirect back to self so request starts over as authenticated.
-            LOGGER.trace( pwmRequest, "inline authentication occurred during this request, redirecting to current url to restart request" );
+            LOGGER.trace( pwmRequest, () -> "inline authentication occurred during this request, redirecting to current url to restart request" );
             pwmRequest.getPwmResponse().sendRedirect( originalRequestedUrl );
             return;
         }
@@ -303,7 +303,7 @@ public class AuthenticationFilter extends AbstractPwmFilter
         if ( pwmSession.isAuthenticated() )
         {
             pwmSession.getSessionStateBean().setSessionIdRecycleNeeded( true );
-            LOGGER.debug( pwmSession, "session authenticated during request, issuing redirect to originally requested url: " + originalRequestedUrl );
+            LOGGER.debug( pwmSession, () -> "session authenticated during request, issuing redirect to originally requested url: " + originalRequestedUrl );
             pwmRequest.sendRedirect( originalRequestedUrl );
             return;
         }
@@ -329,8 +329,7 @@ public class AuthenticationFilter extends AbstractPwmFilter
         }
 
         //user is not authenticated so forward to LoginPage.
-        LOGGER.trace( pwmSession.getLabel(),
-                "user requested resource requiring authentication (" + req.getRequestURI()
+        LOGGER.trace( pwmSession, () -> "user requested resource requiring authentication (" + req.getRequestURI()
                         + "), but is not authenticated; redirecting to LoginServlet" );
 
         LoginServlet.redirectToLoginServlet( pwmRequest );
@@ -371,12 +370,12 @@ public class AuthenticationFilter extends AbstractPwmFilter
 
                         if ( pwmRequest.isAuthenticated() )
                         {
-                            LOGGER.trace( pwmRequest, "authentication provided by method " + authenticationMethod.name() );
+                            LOGGER.trace( pwmRequest, () -> "authentication provided by method " + authenticationMethod.name() );
                         }
 
                         if ( filterAuthenticationProvider.hasRedirectedResponse() )
                         {
-                            LOGGER.trace( pwmRequest, "authentication provider " + authenticationMethod.name()
+                            LOGGER.trace( pwmRequest, () -> "authentication provider " + authenticationMethod.name()
                                     + " has issued a redirect, halting authentication process" );
                             return ProcessStatus.Halt;
                         }
@@ -432,7 +431,7 @@ public class AuthenticationFilter extends AbstractPwmFilter
         {
             if ( !pwmURL.isChangePasswordURL() )
             {
-                LOGGER.debug( pwmRequest, "user is authenticated via forgotten password mechanism, redirecting to change password servlet" );
+                LOGGER.debug( pwmRequest, () -> "user is authenticated via forgotten password mechanism, redirecting to change password servlet" );
                 pwmRequest.sendRedirect(
                         pwmRequest.getContextPath()
                                 + PwmConstants.URL_PREFIX_PUBLIC
@@ -462,7 +461,7 @@ public class AuthenticationFilter extends AbstractPwmFilter
         {
             if ( !pwmURL.isSetupResponsesURL() )
             {
-                LOGGER.debug( pwmRequest, "user is required to setup responses, redirecting to setup responses servlet" );
+                LOGGER.debug( pwmRequest, () -> "user is required to setup responses, redirecting to setup responses servlet" );
                 pwmRequest.sendRedirect( PwmServletDefinition.SetupResponses );
                 return ProcessStatus.Halt;
             }
@@ -476,7 +475,7 @@ public class AuthenticationFilter extends AbstractPwmFilter
         {
             if ( !pwmURL.isSetupOtpSecretURL() )
             {
-                LOGGER.debug( pwmRequest, "user is required to setup OTP configuration, redirecting to OTP setup page" );
+                LOGGER.debug( pwmRequest, () -> "user is required to setup OTP configuration, redirecting to OTP setup page" );
                 pwmRequest.sendRedirect( PwmServletDefinition.SetupOtp );
                 return ProcessStatus.Halt;
             }
@@ -490,7 +489,7 @@ public class AuthenticationFilter extends AbstractPwmFilter
         {
             if ( !pwmURL.isProfileUpdateURL() )
             {
-                LOGGER.debug( pwmRequest, "user is required to update profile, redirecting to profile update servlet" );
+                LOGGER.debug( pwmRequest, () -> "user is required to update profile, redirecting to profile update servlet" );
                 pwmRequest.sendRedirect( PwmServletDefinition.UpdateProfile );
                 return ProcessStatus.Halt;
             }
@@ -505,13 +504,13 @@ public class AuthenticationFilter extends AbstractPwmFilter
         {
             if ( userInfo.isRequiresNewPassword() && !loginInfoBean.isLoginFlag( LoginInfoBean.LoginFlag.skipNewPw ) )
             {
-                LOGGER.debug( pwmRequest, "user password in ldap requires changing, redirecting to change password servlet" );
+                LOGGER.debug( pwmRequest, () -> "user password in ldap requires changing, redirecting to change password servlet" );
                 pwmRequest.sendRedirect( PwmServletDefinition.PrivateChangePassword );
                 return ProcessStatus.Halt;
             }
             else if ( loginInfoBean.getLoginFlags().contains( LoginInfoBean.LoginFlag.forcePwChange ) )
             {
-                LOGGER.debug( pwmRequest, "previous activity in application requires forcing pw change, redirecting to change password servlet" );
+                LOGGER.debug( pwmRequest, () -> "previous activity in application requires forcing pw change, redirecting to change password servlet" );
                 pwmRequest.sendRedirect( PwmServletDefinition.PrivateChangePassword );
                 return ProcessStatus.Halt;
             }
@@ -575,7 +574,7 @@ public class AuthenticationFilter extends AbstractPwmFilter
                 final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
 
                 //user isn't already authenticated and has an auth header, so try to auth them.
-                LOGGER.debug( pwmSession, "attempting to authenticate user using basic auth header (username=" + basicAuthInfo.getUsername() + ")" );
+                LOGGER.debug( pwmSession, () -> "attempting to authenticate user using basic auth header (username=" + basicAuthInfo.getUsername() + ")" );
                 final SessionAuthenticator sessionAuthenticator = new SessionAuthenticator(
                         pwmApplication,
                         pwmSession,
@@ -630,7 +629,7 @@ public class AuthenticationFilter extends AbstractPwmFilter
                     return;
                 }
 
-                LOGGER.debug( pwmRequest, "SSO Authentication header present in request, will search for user value of '" + headerValue + "'" );
+                LOGGER.debug( pwmRequest, () -> "SSO Authentication header present in request, will search for user value of '" + headerValue + "'" );
                 final SessionAuthenticator sessionAuthenticator = new SessionAuthenticator(
                         pwmApplication,
                         pwmSession,

server/src/main/java/password/pwm/http/filter/ConfigAccessFilter.java

@@ -168,7 +168,7 @@ public class ConfigAccessFilter extends AbstractPwmFilter
         boolean persistentLoginEnabled = false;
         if ( pwmRequest.getConfig().isDefaultValue( PwmSetting.PWM_SECURITY_KEY ) )
         {
-            LOGGER.debug( pwmRequest, "security not available, persistent login not possible." );
+            LOGGER.debug( pwmRequest, () -> "security not available, persistent login not possible." );
         }
         else
         {
@@ -205,7 +205,7 @@ public class ConfigAccessFilter extends AbstractPwmFilter
                                 if ( persistentLoginValue.equals( persistentLoginInfo.getPassword() ) )
                                 {
                                     persistentLoginAccepted = true;
-                                    LOGGER.debug( pwmRequest, "accepting persistent config login from cookie (expires "
+                                    LOGGER.debug( pwmRequest, () -> "accepting persistent config login from cookie (expires "
                                             + JavaHelper.toIsoDate( persistentLoginInfo.getExpireDate() )
                                             + ")"
                                     );
@@ -220,7 +220,7 @@ public class ConfigAccessFilter extends AbstractPwmFilter
                     if ( !persistentLoginAccepted )
                     {
                         pwmRequest.getPwmResponse().removeCookie( PwmConstants.COOKIE_PERSISTENT_CONFIG_LOGIN, null );
-                        LOGGER.debug( pwmRequest, "removing non-working persistent config login cookie" );
+                        LOGGER.debug( pwmRequest, () -> "removing non-working persistent config login cookie" );
                     }
                 }
             }
@@ -236,12 +236,12 @@ public class ConfigAccessFilter extends AbstractPwmFilter
                 if ( storedConfig.verifyPassword( password, pwmRequest.getConfig() ) )
                 {
                     passwordAccepted = true;
-                    LOGGER.trace( pwmRequest, "valid configuration password accepted" );
+                    LOGGER.trace( pwmRequest, () -> "valid configuration password accepted" );
                     updateLoginHistory( pwmRequest, pwmRequest.getUserInfoIfLoggedIn(), true );
                 }
                 else
                 {
-                    LOGGER.trace( pwmRequest, "configuration password is not correct" );
+                    LOGGER.trace( pwmRequest, () -> "configuration password is not correct" );
                     pwmApplication.getIntruderManager().convenience().markAddressAndSession( pwmSession );
                     pwmApplication.getIntruderManager().mark( RecordType.USERNAME, PwmConstants.CONFIGMANAGER_INTRUDER_USERNAME, pwmSession.getLabel() );
                     final ErrorInformation errorInformation = new ErrorInformation( PwmError.ERROR_PASSWORD_ONLY_BAD );
@@ -270,7 +270,7 @@ public class ConfigAccessFilter extends AbstractPwmFilter
                             cookieValue,
                             persistentSeconds
                     );
-                    LOGGER.debug( pwmRequest, "set persistent config login cookie (expires "
+                    LOGGER.debug( pwmRequest, () -> "set persistent config login cookie (expires "
                             + JavaHelper.toIsoDate( expirationDate )
                             + ")"
                     );

server/src/main/java/password/pwm/http/filter/ObsoleteUrlFilter.java

@@ -95,7 +95,7 @@ public class ObsoleteUrlFilter extends AbstractPwmFilter
             {
                 if ( !pwmServletDefinition.servletUrl().equals( requestServletUrl ) )
                 {
-                    LOGGER.debug( pwmRequest, "obsolete url of '"
+                    LOGGER.debug( pwmRequest, () -> "obsolete url of '"
                             + requestServletUrl
                             + "' detected, redirecting to canonical URL of '"
                             + pwmServletDefinition.servletUrl() + "'" );

server/src/main/java/password/pwm/http/filter/RequestInitializationFilter.java

@@ -292,7 +292,7 @@ public class RequestInitializationFilter implements Filter
                 final String sessionPwmAppNonce = ( String ) httpSession.getAttribute( PwmConstants.SESSION_ATTR_PWM_APP_NONCE );
                 if ( sessionPwmAppNonce == null || !sessionPwmAppNonce.equals( pwmApplication.getRuntimeNonce() ) )
                 {
-                    LOGGER.debug( "invalidating http session created with non-current servlet context" );
+                    LOGGER.debug( () -> "invalidating http session created with non-current servlet context" );
                     httpSession.invalidate();
                 }
             }
@@ -324,7 +324,7 @@ public class RequestInitializationFilter implements Filter
         {
             return;
         }
-        LOGGER.debug( pwmRequest, "forcing new http session due to authentication" );
+        LOGGER.debug( pwmRequest, () -> "forcing new http session due to authentication" );
 
         final HttpServletRequest req = pwmRequest.getHttpServletRequest();
 
@@ -602,7 +602,7 @@ public class RequestInitializationFilter implements Filter
         final String localeCookie = pwmRequest.readCookie( localeCookieName );
         if ( localeCookieName.length() > 0 && localeCookie != null )
         {
-            LOGGER.debug( pwmRequest, "detected locale cookie in request, setting locale to " + localeCookie );
+            LOGGER.debug( pwmRequest, () -> "detected locale cookie in request, setting locale to " + localeCookie );
             pwmRequest.getPwmSession().setLocale( pwmRequest.getPwmApplication(), localeCookie );
         }
         else
@@ -610,7 +610,7 @@ public class RequestInitializationFilter implements Filter
             final List<Locale> knownLocales = pwmRequest.getConfig().getKnownLocales();
             final Locale userLocale = LocaleHelper.localeResolver( pwmRequest.getHttpServletRequest().getLocale(), knownLocales );
             pwmRequest.getPwmSession().getSessionStateBean().setLocale( userLocale == null ? PwmConstants.DEFAULT_LOCALE : userLocale );
-            LOGGER.trace( pwmRequest, "user locale set to '" + pwmRequest.getLocale() + "'" );
+            LOGGER.trace( pwmRequest, () -> "user locale set to '" + pwmRequest.getLocale() + "'" );
         }
 
         final String themeCookieName = pwmRequest.getConfig().readAppProperty( AppProperty.HTTP_COOKIE_THEME_NAME );
@@ -619,7 +619,7 @@ public class RequestInitializationFilter implements Filter
         {
             if ( pwmRequest.getPwmApplication().getResourceServletService().checkIfThemeExists( pwmRequest, themeCookie ) )
             {
-                LOGGER.debug( pwmRequest, "detected theme cookie in request, setting theme to " + themeCookie );
+                LOGGER.debug( pwmRequest, () -> "detected theme cookie in request, setting theme to " + themeCookie );
                 pwmRequest.getPwmSession().getSessionStateBean().setTheme( themeCookie );
             }
         }
@@ -754,7 +754,7 @@ public class RequestInitializationFilter implements Filter
             {
                 final String msg = "malformed request instance, missing target uri value";
                 final ErrorInformation errorInformation = new ErrorInformation( PwmError.ERROR_SECURITY_VIOLATION, msg );
-                LOGGER.debug( pwmRequest, errorInformation.toDebugStr() + " [" + makeHeaderDebugStr( pwmRequest ) + "]" );
+                LOGGER.debug( pwmRequest, () -> errorInformation.toDebugStr() + " [" + makeHeaderDebugStr( pwmRequest ) + "]" );
                 throw new PwmUnrecoverableException( errorInformation );
             }
 
@@ -766,7 +766,7 @@ public class RequestInitializationFilter implements Filter
                     final String msg = "cross-origin request not permitted: origin header does not match incoming target url"
                             + " [" + makeHeaderDebugStr( pwmRequest ) + "]";
                     final ErrorInformation errorInformation = new ErrorInformation( PwmError.ERROR_SECURITY_VIOLATION, msg );
-                    LOGGER.debug( pwmRequest, errorInformation.toDebugStr() );
+                    LOGGER.debug( pwmRequest, errorInformation );
                     throw new PwmUnrecoverableException( errorInformation );
                 }
                 originHeaderEvaluated = true;
@@ -784,7 +784,7 @@ public class RequestInitializationFilter implements Filter
                     final String msg = "cross-origin request not permitted: referrer header does not match incoming target url"
                             + " [" + makeHeaderDebugStr( pwmRequest ) + "]";
                     final ErrorInformation errorInformation = new ErrorInformation( PwmError.ERROR_SECURITY_VIOLATION, msg );
-                    LOGGER.debug( pwmRequest, errorInformation.toDebugStr() );
+                    LOGGER.debug( pwmRequest, errorInformation );
                     throw new PwmUnrecoverableException( errorInformation );
                 }
                 referrerHeaderEvaluated = true;
@@ -798,7 +798,7 @@ public class RequestInitializationFilter implements Filter
             {
                 final String msg = "neither referer nor origin header request are present on non-idempotent request";
                 final ErrorInformation errorInformation = new ErrorInformation( PwmError.ERROR_SECURITY_VIOLATION, msg );
-                LOGGER.debug( pwmRequest, errorInformation.toDebugStr() + " [" + makeHeaderDebugStr( pwmRequest ) + "]" );
+                LOGGER.debug( pwmRequest, () -> errorInformation.toDebugStr() + " [" + makeHeaderDebugStr( pwmRequest ) + "]" );
                 throw new PwmUnrecoverableException( errorInformation );
             }
         }
@@ -830,7 +830,7 @@ public class RequestInitializationFilter implements Filter
         final TimeDuration currentDuration = TimeDuration.fromCurrent( pwmRequest.getHttpServletRequest().getSession().getLastAccessedTime() );
         if ( currentDuration.isLongerThan( maxDurationForRequest ) )
         {
-            LOGGER.debug( "unauthenticated session due to idle time, max for request is " + maxDurationForRequest.asCompactString()
+            LOGGER.debug( () -> "unauthenticated session due to idle time, max for request is " + maxDurationForRequest.asCompactString()
                     + ", session idle time is " + currentDuration.asCompactString() );
             pwmRequest.getPwmSession().unauthenticateUser( pwmRequest );
         }

server/src/main/java/password/pwm/http/filter/SessionFilter.java

@@ -113,7 +113,7 @@ public class SessionFilter extends AbstractPwmFilter
         }
         catch ( IOException e )
         {
-            LOGGER.trace( pwmRequest.getPwmSession(), "IO exception during servlet processing: " + e.getMessage() );
+            LOGGER.trace( pwmRequest, () -> "IO exception during servlet processing: " + e.getMessage() );
             throw new ServletException( e );
         }
         catch ( Throwable e )
@@ -126,11 +126,11 @@ public class SessionFilter extends AbstractPwmFilter
                     )
             {
                 // this is a jersey 1.18 bug that occurs once per execution
-                LOGGER.debug( "ignoring JaxbAnnotationIntrospector NoClassDefFoundError: " + e.getMessage() );
+                LOGGER.debug( pwmRequest, () -> "ignoring JaxbAnnotationIntrospector NoClassDefFoundError: " + e.getMessage() );
             }
             else
             {
-                LOGGER.warn( pwmRequest.getPwmSession(), "unhandled exception " + e.getMessage(), e );
+                LOGGER.error( pwmRequest, "unhandled exception " + e.getMessage(), e );
             }
 
             throw new ServletException( e );
@@ -156,7 +156,7 @@ public class SessionFilter extends AbstractPwmFilter
         // debug the http session headers
         if ( !pwmSession.getSessionStateBean().isDebugInitialized() )
         {
-            LOGGER.trace( pwmSession, pwmRequest.debugHttpHeaders() );
+            LOGGER.trace( pwmSession, () -> pwmRequest.debugHttpHeaders() );
             pwmSession.getSessionStateBean().setDebugInitialized( true );
         }
 
@@ -231,7 +231,7 @@ public class SessionFilter extends AbstractPwmFilter
                     return ProcessStatus.Halt;
                 }
                 ssBean.setForwardURL( forwardURL );
-                LOGGER.debug( pwmRequest, "forwardURL parameter detected in request, setting session forward url to " + forwardURL );
+                LOGGER.debug( pwmRequest, () -> "forwardURL parameter detected in request, setting session forward url to " + forwardURL );
             }
         }
 
@@ -251,7 +251,7 @@ public class SessionFilter extends AbstractPwmFilter
                     return ProcessStatus.Halt;
                 }
                 ssBean.setLogoutURL( logoutURL );
-                LOGGER.debug( pwmRequest, "logoutURL parameter detected in request, setting session logout url to " + logoutURL );
+                LOGGER.debug( pwmRequest, () -> "logoutURL parameter detected in request, setting session logout url to " + logoutURL );
             }
         }
 
@@ -259,7 +259,7 @@ public class SessionFilter extends AbstractPwmFilter
             final String expireParamName = pwmRequest.getConfig().readAppProperty( AppProperty.HTTP_PARAM_NAME_PASSWORD_EXPIRED );
             if ( "true".equalsIgnoreCase( pwmRequest.readParameterAsString( expireParamName ) ) )
             {
-                LOGGER.debug( pwmSession, "detected param '" + expireParamName + "'=true in request, will force pw change" );
+                LOGGER.debug( pwmSession, () -> "detected param '" + expireParamName + "'=true in request, will force pw change" );
                 pwmSession.getLoginInfoBean().getLoginFlags().add( LoginInfoBean.LoginFlag.forcePwChange );
             }
         }
@@ -294,7 +294,7 @@ public class SessionFilter extends AbstractPwmFilter
 
         if ( !pwmRequest.getMethod().isIdempotent() && pwmRequest.hasParameter( PwmConstants.PARAM_FORM_ID ) )
         {
-            LOGGER.debug( pwmRequest, "session is unvalidated but can not be validated during a " + pwmRequest.getMethod().toString() + " request, will allow" );
+            LOGGER.debug( pwmRequest, () -> "session is unvalidated but can not be validated during a " + pwmRequest.getMethod().toString() + " request, will allow" );
             return ProcessStatus.Continue;
         }
 
@@ -302,7 +302,7 @@ public class SessionFilter extends AbstractPwmFilter
             final String acceptEncodingHeader = pwmRequest.getHttpServletRequest().getHeader( HttpHeader.Accept.getHttpName() );
             if ( acceptEncodingHeader != null && acceptEncodingHeader.contains( "json" ) )
             {
-                LOGGER.debug( pwmRequest, "session is unvalidated but can not be validated during a json request, will allow" );
+                LOGGER.debug( pwmRequest, () -> "session is unvalidated but can not be validated during a json request, will allow" );
                 return ProcessStatus.Continue;
             }
         }
@@ -321,7 +321,7 @@ public class SessionFilter extends AbstractPwmFilter
 
             final String returnURL = figureValidationURL( pwmRequest, ssBean.getSessionVerificationKey() );
 
-            LOGGER.trace( pwmRequest, "session has not been validated, redirecting with verification key to " + returnURL );
+            LOGGER.trace( pwmRequest, () -> "session has not been validated, redirecting with verification key to " + returnURL );
 
             // better chance of detecting un-sticky sessions this way
             pwmResponse.setHeader( HttpHeader.Connection, "close" );
@@ -343,7 +343,7 @@ public class SessionFilter extends AbstractPwmFilter
             final String returnURL = figureValidationURL( pwmRequest, null );
 
             // session looks, good, mark it as such and return;
-            LOGGER.trace( pwmRequest, "session validated, redirecting to original request url: " + returnURL );
+            LOGGER.trace( pwmRequest, () -> "session validated, redirecting to original request url: " + returnURL );
             ssBean.setSessionVerified( true );
             pwmRequest.getPwmResponse().sendRedirect( returnURL );
             return ProcessStatus.Halt;
@@ -388,7 +388,7 @@ public class SessionFilter extends AbstractPwmFilter
             }
             else
             {
-                LOGGER.debug( "dropping non-query string (body?) parameter '" + paramName + "' during redirect validation)" );
+                LOGGER.debug( () -> "dropping non-query string (body?) parameter '" + paramName + "' during redirect validation)" );
             }
         }
 
@@ -437,7 +437,7 @@ public class SessionFilter extends AbstractPwmFilter
         final int cookieAgeSeconds = ( int ) pwmRequest.getConfig().readSettingAsLong( PwmSetting.LOCALE_COOKIE_MAX_AGE );
         if ( requestedLocale != null && requestedLocale.length() > 0 )
         {
-            LOGGER.debug( pwmRequest, "detected locale request parameter " + localeParamName + " with value " + requestedLocale );
+            LOGGER.debug( pwmRequest, () -> "detected locale request parameter " + localeParamName + " with value " + requestedLocale );
             if ( pwmRequest.getPwmSession().setLocale( pwmRequest.getPwmApplication(), requestedLocale ) )
             {
                 if ( cookieAgeSeconds > 0 )
@@ -495,16 +495,17 @@ public class SessionFilter extends AbstractPwmFilter
         final String ssoOverrideParameterName = pwmRequest.getConfig().readAppProperty( AppProperty.HTTP_PARAM_NAME_SSO_OVERRIDE );
         if ( pwmRequest.hasParameter( ssoOverrideParameterName ) )
         {
+            final String ssoParamValue = pwmRequest.readParameterAsString( ssoOverrideParameterName );
             if ( pwmRequest.readParameterAsBoolean( ssoOverrideParameterName ) )
             {
-                LOGGER.trace( pwmRequest, "enabling sso authentication due to parameter " + ssoOverrideParameterName + "="
-                        + pwmRequest.readParameterAsString( ssoOverrideParameterName ) );
+                LOGGER.trace( pwmRequest, () -> "enabling sso authentication due to parameter "
+                        + ssoOverrideParameterName + "=" + ssoParamValue );
                 pwmRequest.getPwmSession().getLoginInfoBean().removeFlag( LoginInfoBean.LoginFlag.noSso );
             }
             else
             {
-                LOGGER.trace( pwmRequest, "disabling sso authentication due to parameter " + ssoOverrideParameterName + "="
-                        + pwmRequest.readParameterAsString( ssoOverrideParameterName ) );
+                LOGGER.trace( pwmRequest, () -> "disabling sso authentication due to parameter "
+                        + ssoOverrideParameterName + "=" + ssoParamValue );
                 pwmRequest.getPwmSession().getLoginInfoBean().setFlag( LoginInfoBean.LoginFlag.noSso );
             }
         }
@@ -517,7 +518,7 @@ public class SessionFilter extends AbstractPwmFilter
     )
             throws PwmOperationalException
     {
-        LOGGER.trace( sessionLabel, "beginning test of requested redirect URL: " + inputURL );
+        LOGGER.trace( sessionLabel, () -> "beginning test of requested redirect URL: " + inputURL );
         if ( inputURL == null || inputURL.isEmpty() )
         {
             return;
@@ -585,7 +586,7 @@ public class SessionFilter extends AbstractPwmFilter
         }
 
         final String testURI = sb.toString();
-        LOGGER.trace( sessionLabel, "preparing to whitelist test parsed and decoded URL: " + testURI );
+        LOGGER.trace( sessionLabel, () -> "preparing to whitelist test parsed and decoded URL: " + testURI );
 
         final List<String> whiteList = pwmApplication.getConfig().readSettingAsStringArray( PwmSetting.SECURITY_REDIRECT_WHITELIST );
 

server/src/main/java/password/pwm/http/servlet/AbstractPwmServlet.java

@@ -169,7 +169,7 @@ public abstract class AbstractPwmServlet extends HttpServlet implements PwmServl
             }
             catch ( PwmUnrecoverableException e )
             {
-                LOGGER.debug( pwmRequest, "error while clearing module bean during after module error output: " + e.getMessage() );
+                LOGGER.debug( pwmRequest, () -> "error while clearing module bean during after module error output: " + e.getMessage() );
             }
         }
     }
@@ -248,7 +248,7 @@ public abstract class AbstractPwmServlet extends HttpServlet implements PwmServl
                 //store the original requested url
                 try
                 {
-                    LOGGER.debug( pwmSession, "user is authenticated without a password, redirecting to login page" );
+                    LOGGER.debug( pwmSession, () -> "user is authenticated without a password, redirecting to login page" );
                     LoginServlet.redirectToLoginServlet( PwmRequest.forRequest( req, resp ) );
                     return true;
                 }

server/src/main/java/password/pwm/http/servlet/ControlledPwmServlet.java

@@ -176,7 +176,7 @@ public abstract class ControlledPwmServlet extends AbstractPwmServlet implements
             if ( enablePostRedirectGet )
             {
                 final String servletUrl = pwmRequest.getURL().determinePwmServletPath();
-                LOGGER.debug( pwmRequest, "this request is not idempotent, redirecting to self with no action" );
+                LOGGER.debug( pwmRequest, () -> "this request is not idempotent, redirecting to self with no action" );
                 sendOtherRedirect( pwmRequest, servletUrl );
                 return;
             }

server/src/main/java/password/pwm/http/servlet/DeleteAccountServlet.java

@@ -173,7 +173,7 @@ public class DeleteAccountServlet extends ControlledPwmServlet
     )
             throws ServletException, IOException, PwmUnrecoverableException, ChaiUnavailableException
     {
-        LOGGER.debug( pwmRequest, "user accepted agreement" );
+        LOGGER.debug( pwmRequest, () -> "user accepted agreement" );
 
         final DeleteAccountBean deleteAccountBean = getBean( pwmRequest );
         if ( !deleteAccountBean.isAgreementPassed() )
@@ -207,7 +207,7 @@ public class DeleteAccountServlet extends ControlledPwmServlet
             final List<ActionConfiguration> actions = deleteAccountProfile.readSettingAsAction( PwmSetting.DELETE_ACCOUNT_ACTIONS );
             if ( actions != null && !actions.isEmpty() )
             {
-                LOGGER.debug( pwmRequest, "executing configured actions to user " + userIdentity );
+                LOGGER.debug( pwmRequest, () -> "executing configured actions to user " + userIdentity );
 
 
                 final ActionExecutor actionExecutor = new ActionExecutor.ActionExecutorSettings( pwmApplication, userIdentity )
@@ -238,7 +238,7 @@ public class DeleteAccountServlet extends ControlledPwmServlet
         {
             final MacroMachine macroMachine = pwmRequest.getPwmSession().getSessionManager().getMacroMachine( pwmApplication );
             final String macroedUrl = macroMachine.expandMacros( nextUrl );
-            LOGGER.debug( pwmRequest, "settinging forward url to post-delete next url: " + macroedUrl );
+            LOGGER.debug( pwmRequest, () -> "settinging forward url to post-delete next url: " + macroedUrl );
             pwmRequest.getPwmSession().getSessionStateBean().setForwardURL( macroedUrl );
         }
 
@@ -278,7 +278,7 @@ public class DeleteAccountServlet extends ControlledPwmServlet
 
         if ( configuredEmailSetting == null )
         {
-            LOGGER.debug( pwmRequest, "skipping delete account notice email for '" + pwmRequest.getUserInfoIfLoggedIn() + "' no email configured" );
+            LOGGER.debug( pwmRequest, () -> "skipping delete account notice email for '" + pwmRequest.getUserInfoIfLoggedIn() + "' no email configured" );
             return;
         }
 

server/src/main/java/password/pwm/http/servlet/ForgottenUsernameServlet.java

@@ -172,7 +172,7 @@ public class ForgottenUsernameServlet extends AbstractPwmServlet
                 if ( configuredSearchFilter == null || configuredSearchFilter.isEmpty() )
                 {
                     searchFilter = FormUtility.ldapSearchFilterForForm( pwmApplication, forgottenUsernameForm );
-                    LOGGER.trace( pwmSession, "auto generated ldap search filter: " + searchFilter );
+                    LOGGER.trace( pwmSession, () -> "auto generated ldap search filter: " + searchFilter );
                 }
                 else
                 {

server/src/main/java/password/pwm/http/servlet/GuestRegistrationServlet.java

@@ -296,7 +296,7 @@ public class GuestRegistrationServlet extends AbstractPwmServlet
 
         if ( configuredEmailSetting == null )
         {
-            LOGGER.debug( pwmRequest, "unable to send updated guest user email: no email configured" );
+            LOGGER.debug( pwmRequest, () -> "unable to send updated guest user email: no email configured" );
             return;
         }
 
@@ -309,7 +309,7 @@ public class GuestRegistrationServlet extends AbstractPwmServlet
     )
             throws ServletException, ChaiUnavailableException, IOException, PwmUnrecoverableException
     {
-        LOGGER.trace( pwmRequest, "Enter: handleSearchRequest(...)" );
+        LOGGER.trace( pwmRequest, () -> "Enter: handleSearchRequest(...)" );
         final PwmSession pwmSession = pwmRequest.getPwmSession();
         final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
         final ChaiProvider chaiProvider = pwmSession.getSessionManager().getChaiProvider();
@@ -446,7 +446,7 @@ public class GuestRegistrationServlet extends AbstractPwmServlet
             {
                 final FormConfiguration formItem = entry.getKey();
                 final String value = entry.getValue();
-                LOGGER.debug( pwmSession, "Attribute from form: " + formItem.getName() + " = " + value );
+                LOGGER.debug( pwmSession, () -> "Attribute from form: " + formItem.getName() + " = " + value );
                 final String n = formItem.getName();
                 final String v = formValues.get( formItem );
                 if ( n != null && n.length() > 0 && v != null && v.length() > 0 )
@@ -488,7 +488,7 @@ public class GuestRegistrationServlet extends AbstractPwmServlet
 
             {
                 // execute configured actions
-                LOGGER.debug( pwmSession, "executing configured actions to user " + theUser.getEntryDN() );
+                LOGGER.debug( pwmSession, () -> "executing configured actions to user " + theUser.getEntryDN() );
                 final List<ActionConfiguration> actions = pwmApplication.getConfig().readSettingAsAction( PwmSetting.GUEST_WRITE_ATTRIBUTES );
                 if ( actions != null && !actions.isEmpty() )
                 {
@@ -574,7 +574,7 @@ public class GuestRegistrationServlet extends AbstractPwmServlet
             throw new PwmOperationalException( new ErrorInformation( PwmError.ERROR_FIELD_REQUIRED, errorMsg ) );
         }
 
-        LOGGER.trace( pwmRequest, "read expiration date as " + expirationDate.toString() );
+        LOGGER.trace( pwmRequest, () -> "read expiration date as " + expirationDate.toString() );
         return expirationDate.toInstant();
     }
 
@@ -611,7 +611,7 @@ public class GuestRegistrationServlet extends AbstractPwmServlet
 
         if ( configuredEmailSetting == null )
         {
-            LOGGER.debug( pwmSession, "unable to send guest registration email for '" + userIdentity + "' no email configured" );
+            LOGGER.debug( pwmSession, () -> "unable to send guest registration email for '" + userIdentity + "' no email configured" );
             return;
         }
 

server/src/main/java/password/pwm/http/servlet/LoginServlet.java

@@ -160,7 +160,7 @@ public class LoginServlet extends ControlledPwmServlet
         catch ( PwmOperationalException e )
         {
             final ErrorInformation errorInformation = e.getErrorInformation();
-            LOGGER.trace( pwmRequest, "returning rest login error to client: " + errorInformation.toDebugStr() );
+            LOGGER.trace( pwmRequest, () -> "returning rest login error to client: " + errorInformation.toDebugStr() );
             pwmRequest.outputJsonResult( RestResultBean.fromError( errorInformation, pwmRequest ) );
             return ProcessStatus.Halt;
         }
@@ -171,7 +171,7 @@ public class LoginServlet extends ControlledPwmServlet
         final String nextLoginUrl = determinePostLoginUrl( pwmRequest );
         final HashMap<String, String> resultMap = new HashMap<>( Collections.singletonMap( "nextURL", nextLoginUrl ) );
         final RestResultBean restResultBean = RestResultBean.withData( resultMap );
-        LOGGER.debug( pwmRequest, "rest login succeeded" );
+        LOGGER.debug( pwmRequest, () -> "rest login succeeded" );
         pwmRequest.outputJsonResult( restResultBean );
         return ProcessStatus.Halt;
     }
@@ -187,7 +187,7 @@ public class LoginServlet extends ControlledPwmServlet
             if ( !StringUtil.isEmpty( nextUrl ) )
             {
                 final LoginServletBean loginServletBean = pwmRequest.getPwmApplication().getSessionStateService().getBean( pwmRequest, LoginServletBean.class );
-                LOGGER.trace( pwmRequest, "received nextUrl and storing in module bean, value: " + nextUrl );
+                LOGGER.trace( pwmRequest, () -> "received nextUrl and storing in module bean, value: " + nextUrl );
                 loginServletBean.setNextUrl( nextUrl );
             }
         }
@@ -298,7 +298,7 @@ public class LoginServlet extends ControlledPwmServlet
                 paramMap
         );
 
-        LOGGER.trace( pwmRequest, "redirecting to self to set nextUrl to: " + originalRequestedUrl );
+        LOGGER.trace( pwmRequest, () -> "redirecting to self to set nextUrl to: " + originalRequestedUrl );
 
         pwmRequest.sendRedirect( redirectUrl );
     }

server/src/main/java/password/pwm/http/servlet/LogoutServlet.java

@@ -128,12 +128,9 @@ public class LogoutServlet extends ControlledPwmServlet
         final boolean authenticated = pwmRequest.isAuthenticated();
         final boolean logoutDueToIdle = Boolean.parseBoolean( pwmRequest.readParameterAsString( PARAM_IDLE ) );
 
-        String debugMsg = "processing " + ( authenticated ? "authenticated" : "unauthenticated" ) + " logout request";
-        if ( logoutDueToIdle )
-        {
-            debugMsg += " due to client idle timeout";
-        }
-        LOGGER.debug( pwmRequest, debugMsg );
+        LOGGER.debug( pwmRequest, () -> "processing " + ( authenticated ? "authenticated" : "unauthenticated" )
+                + " logout request"
+                + ( logoutDueToIdle ? " due to client idle timeout" : "" ) );
 
         final PwmSession pwmSession = pwmRequest.getPwmSession();
         final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
@@ -145,7 +142,7 @@ public class LogoutServlet extends ControlledPwmServlet
             final String sessionLogoutURL = pwmSession.getSessionStateBean().getLogoutURL();
             if ( sessionLogoutURL != null && sessionLogoutURL.length() > 0 )
             {
-                LOGGER.trace( pwmSession, "redirecting user to session parameter set logout url: " + sessionLogoutURL );
+                LOGGER.trace( pwmSession, () -> "redirecting user to session parameter set logout url: " + sessionLogoutURL );
                 pwmRequest.sendRedirect( sessionLogoutURL );
                 pwmRequest.invalidateSession();
                 return;
@@ -177,7 +174,7 @@ public class LogoutServlet extends ControlledPwmServlet
 
                 final String logoutURL = PwmURL.appendAndEncodeUrlParameters( configuredLogoutURL, logoutUrlParameters );
 
-                LOGGER.trace( pwmSession, "redirecting user to configured logout url:" + logoutURL );
+                LOGGER.trace( pwmSession, () -> "redirecting user to configured logout url:" + logoutURL );
                 pwmRequest.sendRedirect( logoutURL );
                 pwmRequest.invalidateSession();
                 return;
@@ -249,19 +246,20 @@ public class LogoutServlet extends ControlledPwmServlet
 
             if ( matchedServlet != null )
             {
-                LOGGER.trace( pwmRequest, "matched next url to servlet definition " + matchedServlet.toString() );
+                final PwmServletDefinition finalMatchedServlet = matchedServlet;
+                LOGGER.trace( pwmRequest, () -> "matched next url to servlet definition " + finalMatchedServlet.toString() );
                 return Optional.of( pwmRequest.getContextPath() + matchedServlet.servletUrl() );
             }
             else
             {
-                LOGGER.trace( pwmRequest, "unable to match next url parameter to servlet definition" );
+                LOGGER.trace( pwmRequest, () -> "unable to match next url parameter to servlet definition" );
             }
 
 
         }
         catch ( Exception e )
         {
-            LOGGER.debug( "error parsing client specified url parameter: " + e.getMessage() );
+            LOGGER.debug( () -> "error parsing client specified url parameter: " + e.getMessage() );
         }
         return Optional.empty();
     }

server/src/main/java/password/pwm/http/servlet/SetupOtpServlet.java

@@ -302,7 +302,7 @@ public class SetupOtpServlet extends ControlledPwmServlet
             );
             final RestResultBean restResultBean = RestResultBean.withData( passed );
 
-            LOGGER.trace( pwmSession, "returning result for restValidateCode: " + JsonUtil.serialize( restResultBean ) );
+            LOGGER.trace( pwmSession, () -> "returning result for restValidateCode: " + JsonUtil.serialize( restResultBean ) );
             pwmRequest.outputJsonResult( restResultBean );
         }
         catch ( PwmOperationalException e )
@@ -363,7 +363,7 @@ public class SetupOtpServlet extends ControlledPwmServlet
             {
                 if ( pwmRequest.getConfig().isDevDebugMode() )
                 {
-                    LOGGER.trace( pwmRequest, "testing against otp record: " + JsonUtil.serialize( otpBean.getOtpUserRecord() ) );
+                    LOGGER.trace( pwmRequest, () -> "testing against otp record: " + JsonUtil.serialize( otpBean.getOtpUserRecord() ) );
                 }
 
                 if ( otpService.validateToken(
@@ -374,13 +374,13 @@ public class SetupOtpServlet extends ControlledPwmServlet
                         false
                 ) )
                 {
-                    LOGGER.debug( pwmRequest, "test OTP token returned true, valid OTP secret provided" );
+                    LOGGER.debug( pwmRequest, () -> "test OTP token returned true, valid OTP secret provided" );
                     otpBean.setConfirmed( true );
                     otpBean.setChallenge( null );
                 }
                 else
                 {
-                    LOGGER.debug( pwmRequest, "test OTP token returned false, incorrect OTP secret provided" );
+                    LOGGER.debug( pwmRequest, () -> "test OTP token returned false, incorrect OTP secret provided" );
                     setLastError( pwmRequest, new ErrorInformation( PwmError.ERROR_TOKEN_INCORRECT ) );
                 }
             }
@@ -429,7 +429,7 @@ public class SetupOtpServlet extends ControlledPwmServlet
             if ( existingUserRecord != null )
             {
                 otpBean.setHasPreExistingOtp( true );
-                LOGGER.trace( pwmSession, "user has existing otp record" );
+                LOGGER.trace( pwmSession, () -> "user has existing otp record" );
                 return;
             }
         }
@@ -452,10 +452,10 @@ public class SetupOtpServlet extends ControlledPwmServlet
                 );
                 otpBean.setOtpUserRecord( otpUserRecord );
                 otpBean.setRecoveryCodes( rawRecoveryCodes );
-                LOGGER.trace( pwmSession, "generated new otp record" );
+                LOGGER.trace( pwmSession, () -> "generated new otp record" );
                 if ( config.isDevDebugMode() )
                 {
-                    LOGGER.trace( pwmRequest, "newly generated otp record: " + JsonUtil.serialize( otpUserRecord ) );
+                    LOGGER.trace( pwmRequest, () -> "newly generated otp record: " + JsonUtil.serialize( otpUserRecord ) );
                 }
             }
             catch ( Exception e )
@@ -527,7 +527,7 @@ public class SetupOtpServlet extends ControlledPwmServlet
 
             if ( policy == ForceSetupPolicy.FORCE_ALLOW_SKIP )
             {
-                LOGGER.trace( pwmRequest, "allowing setup skipping due to setting "
+                LOGGER.trace( pwmRequest, () -> "allowing setup skipping due to setting "
                         + PwmSetting.OTP_FORCE_SETUP.toMenuLocationDebug( setupOtpProfile.getIdentifier(), pwmRequest.getLocale() ) );
                 return true;
             }
@@ -537,7 +537,7 @@ public class SetupOtpServlet extends ControlledPwmServlet
             {
                 if ( pwmRequest.getConfig().readSettingAsBoolean( PwmSetting.ADMIN_ALLOW_SKIP_FORCED_ACTIVITIES ) )
                 {
-                    LOGGER.trace( pwmRequest, "allowing OTP setup skipping due to user being admin and setting "
+                    LOGGER.trace( pwmRequest, () -> "allowing OTP setup skipping due to user being admin and setting "
                             + PwmSetting.ADMIN_ALLOW_SKIP_FORCED_ACTIVITIES.toMenuLocationDebug( null, pwmRequest.getLocale() ) );
                     return true;
                 }

server/src/main/java/password/pwm/http/servlet/SetupResponsesServlet.java

@@ -201,7 +201,7 @@ public class SetupResponsesServlet extends ControlledPwmServlet
     )
             throws PwmUnrecoverableException, ChaiUnavailableException, IOException
     {
-        LOGGER.trace( pwmRequest, "request for response clear received" );
+        LOGGER.trace( pwmRequest, () -> "request for response clear received" );
         final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
         final PwmSession pwmSession = pwmRequest.getPwmSession();
         try
@@ -236,7 +236,7 @@ public class SetupResponsesServlet extends ControlledPwmServlet
     )
             throws PwmUnrecoverableException, ChaiUnavailableException, IOException
     {
-        LOGGER.trace( pwmRequest, "request for skip received" );
+        LOGGER.trace( pwmRequest, () -> "request for skip received" );
 
         final boolean allowSkip = checkIfAllowSkipCr( pwmRequest );
 
@@ -284,8 +284,8 @@ public class SetupResponsesServlet extends ControlledPwmServlet
 
         final ValidationResponseBean validationResponseBean = new ValidationResponseBean( userMessage, success );
         final RestResultBean restResultBean = RestResultBean.withData( validationResponseBean );
-        LOGGER.trace( pwmRequest, "completed rest validate response in "
-                + TimeDuration.fromCurrent( startTime ).asCompactString()
+        LOGGER.trace( pwmRequest, () -> "completed rest validate response in "
+                + TimeDuration.compactFromCurrent( startTime )
                 + ", result=" + JsonUtil.serialize( restResultBean ) );
         pwmRequest.outputJsonResult( restResultBean );
         return ProcessStatus.Halt;
@@ -405,12 +405,12 @@ public class SetupResponsesServlet extends ControlledPwmServlet
         }
         catch ( PwmDataValidationException e )
         {
-            LOGGER.debug( pwmRequest, "error with new " + ( helpdeskMode ? "helpdesk" : "user" ) + " responses: " + e.getErrorInformation().toDebugStr() );
+            LOGGER.debug( pwmRequest, () -> "error with new " + ( helpdeskMode ? "helpdesk" : "user" ) + " responses: " + e.getErrorInformation().toDebugStr() );
             setLastError( pwmRequest, e.getErrorInformation() );
             return;
         }
 
-        LOGGER.trace( pwmRequest, ( helpdeskMode ? "helpdesk" : "user" ) + " responses are acceptable" );
+        LOGGER.trace( pwmRequest, () -> ( helpdeskMode ? "helpdesk" : "user" ) + " responses are acceptable" );
         if ( helpdeskMode )
         {
             setupResponsesBean.getHelpdeskResponseData().setResponseMap( responseMap );
@@ -719,7 +719,7 @@ public class SetupResponsesServlet extends ControlledPwmServlet
             {
                 if ( pwmRequest.getConfig().readSettingAsBoolean( PwmSetting.ADMIN_ALLOW_SKIP_FORCED_ACTIVITIES ) )
                 {
-                    LOGGER.trace( pwmRequest, "allowing c/r answer setup skipping due to user being admin and setting "
+                    LOGGER.trace( pwmRequest, () -> "allowing c/r answer setup skipping due to user being admin and setting "
                             + PwmSetting.ADMIN_ALLOW_SKIP_FORCED_ACTIVITIES.toMenuLocationDebug( null, pwmRequest.getLocale() ) );
                     return true;
                 }

server/src/main/java/password/pwm/http/servlet/ShortcutServlet.java

@@ -103,13 +103,13 @@ public class ShortcutServlet extends AbstractPwmServlet
         final ShortcutsBean shortcutsBean = pwmApplication.getSessionStateService().getBean( pwmRequest, ShortcutsBean.class );
         if ( shortcutsBean.getVisibleItems() == null )
         {
-            LOGGER.debug( pwmSession, "building visible shortcut list for user" );
+            LOGGER.debug( pwmSession, () -> "building visible shortcut list for user" );
             final Map<String, ShortcutItem> visibleItems = figureVisibleShortcuts( pwmRequest );
             shortcutsBean.setVisibleItems( visibleItems );
         }
         else
         {
-            LOGGER.trace( pwmSession, "using cashed shortcut values" );
+            LOGGER.trace( pwmSession, () -> "using cashed shortcut values" );
         }
 
         final ShortcutAction action = readProcessAction( pwmRequest );
@@ -219,7 +219,7 @@ public class ShortcutServlet extends AbstractPwmServlet
             final ShortcutItem item = visibleItems.get( link );
 
             pwmApplication.getStatisticsManager().incrementValue( Statistic.SHORTCUTS_SELECTED );
-            LOGGER.trace( pwmSession, "shortcut link selected: " + link + ", setting link for 'forwardURL' to " + item.getShortcutURI() );
+            LOGGER.trace( pwmSession, () -> "shortcut link selected: " + link + ", setting link for 'forwardURL' to " + item.getShortcutURI() );
             pwmSession.getSessionStateBean().setForwardURL( item.getShortcutURI().toString() );
 
             pwmRequest.sendRedirectToContinue();

server/src/main/java/password/pwm/http/servlet/accountinfo/AccountInformationBean.java

@@ -96,7 +96,7 @@ public class AccountInformationBean implements Serializable
         ) );
         builder.passwordRules( makePasswordRules( pwmRequest ) );
 
-        LOGGER.trace( pwmRequest, "generated account information bean in " + TimeDuration.compactFromCurrent( startTime ) );
+        LOGGER.trace( pwmRequest, () -> "generated account information bean in " + TimeDuration.compactFromCurrent( startTime ) );
         return builder.build();
     }
 
@@ -130,7 +130,7 @@ public class AccountInformationBean implements Serializable
         }
         catch ( PwmUnrecoverableException e )
         {
-            LOGGER.debug( sessionLabel, "error reading audit data for user: " + e.getMessage() );
+            LOGGER.debug( sessionLabel, () -> "error reading audit data for user: " + e.getMessage() );
         }
 
         final List<ActivityRecord> returnData = new ArrayList<>();

server/src/main/java/password/pwm/http/servlet/activation/ActivateUserServlet.java

@@ -281,7 +281,7 @@ public class ActivateUserServlet extends ControlledPwmServlet
             pwmApplication.getIntruderManager().convenience().markAttributes( formValues, pwmSession );
             pwmApplication.getIntruderManager().convenience().markAddressAndSession( pwmSession );
             setLastError( pwmRequest, e.getErrorInformation() );
-            LOGGER.debug( pwmSession.getLabel(), e.getErrorInformation().toDebugStr() );
+            LOGGER.debug( pwmSession, e.getErrorInformation() );
         }
 
         return ProcessStatus.Continue;
@@ -353,7 +353,7 @@ public class ActivateUserServlet extends ControlledPwmServlet
         }
         catch ( PwmUnrecoverableException e )
         {
-            LOGGER.debug( pwmRequest, "error while checking entered token: " );
+            LOGGER.debug( pwmRequest, () -> "error while checking entered token: " );
             errorInformation = e.getErrorInformation();
         }
 
@@ -364,7 +364,7 @@ public class ActivateUserServlet extends ControlledPwmServlet
             {
                 errorInformation = new ErrorInformation( PwmError.ERROR_TOKEN_INCORRECT );
             }
-            LOGGER.debug( pwmSession.getLabel(), errorInformation.toDebugStr() );
+            LOGGER.debug( pwmSession, errorInformation );
             setLastError( pwmRequest, errorInformation );
         }
 
@@ -377,7 +377,7 @@ public class ActivateUserServlet extends ControlledPwmServlet
     )
             throws ServletException, IOException, PwmUnrecoverableException, ChaiUnavailableException
     {
-        LOGGER.debug( pwmRequest, "user accepted agreement" );
+        LOGGER.debug( pwmRequest, () -> "user accepted agreement" );
 
         final ActivateUserBean activateUserBean = activateUserBean( pwmRequest );
 

server/src/main/java/password/pwm/http/servlet/activation/ActivateUserUtils.java

@@ -103,7 +103,7 @@ class ActivateUserUtils
         {
             {
                 // execute configured actions
-                LOGGER.debug( pwmSession.getLabel(), "executing configured pre-actions to user " + theUser.getEntryDN() );
+                LOGGER.debug( pwmSession.getLabel(), () -> "executing configured pre-actions to user " + theUser.getEntryDN() );
                 final List<ActionConfiguration> configValues = config.readSettingAsAction( PwmSetting.ACTIVATE_USER_PRE_WRITE_ATTRIBUTES );
                 if ( configValues != null && !configValues.isEmpty() )
                 {
@@ -153,7 +153,7 @@ class ActivateUserUtils
                     {
                         {
                             // execute configured actions
-                            LOGGER.debug( pwmSession.getLabel(), "executing post-activate configured actions to user " + userIdentity.toDisplayString() );
+                            LOGGER.debug( pwmSession.getLabel(), () -> "executing post-activate configured actions to user " + userIdentity.toDisplayString() );
 
                             final MacroMachine macroMachine = pwmSession.getSessionManager().getMacroMachine( pwmApplication );
                             final List<ActionConfiguration> configValues = pwmApplication.getConfig().readSettingAsAction( PwmSetting.ACTIVATE_USER_POST_WRITE_ATTRIBUTES );
@@ -217,7 +217,7 @@ class ActivateUserUtils
             final String tokenizedAttrName = "%" + attrName + "%";
             if ( searchFilter.contains( tokenizedAttrName ) )
             {
-                LOGGER.trace( pwmSession, "skipping validation of ldap value for '" + attrName + "' because it is in search filter" );
+                LOGGER.trace( pwmSession, () -> "skipping validation of ldap value for '" + attrName + "' because it is in search filter" );
             }
             else
             {
@@ -232,10 +232,10 @@ class ActivateUserUtils
                                         attrName,
                                 }
                         );
-                        LOGGER.debug( pwmSession.getLabel(), errorInfo.toDebugStr() );
+                        LOGGER.debug( pwmSession, errorInfo );
                         throw new PwmDataValidationException( errorInfo );
                     }
-                    LOGGER.trace( pwmSession.getLabel(), "successful validation of ldap value for '" + attrName + "'" );
+                    LOGGER.trace( pwmSession, () -> "successful validation of ldap value for '" + attrName + "'" );
                 }
                 catch ( ChaiOperationException e )
                 {
@@ -296,7 +296,7 @@ class ActivateUserUtils
 
         if ( configuredEmailSetting == null )
         {
-            LOGGER.debug( pwmSession, "skipping send activation email for '" + userInfo.getUserIdentity() + "' no email configured" );
+            LOGGER.debug( pwmSession, () -> "skipping send activation email for '" + userInfo.getUserIdentity() + "' no email configured" );
             return false;
         }
 
@@ -327,13 +327,13 @@ class ActivateUserUtils
         }
         catch ( Exception e )
         {
-            LOGGER.debug( pwmSession.getLabel(), "error reading SMS attribute from user '" + pwmSession.getUserInfo().getUserIdentity() + "': " + e.getMessage() );
+            LOGGER.debug( pwmSession, () -> "error reading SMS attribute from user '" + pwmSession.getUserInfo().getUserIdentity() + "': " + e.getMessage() );
             return false;
         }
 
         if ( toSmsNumber == null || toSmsNumber.length() < 1 )
         {
-            LOGGER.debug( pwmSession.getLabel(), "skipping send activation SMS for '" + pwmSession.getUserInfo().getUserIdentity() + "' no SMS number configured" );
+            LOGGER.debug( pwmSession, () -> "skipping send activation SMS for '" + pwmSession.getUserInfo().getUserIdentity() + "' no SMS number configured" );
             return false;
         }
 
@@ -358,7 +358,7 @@ class ActivateUserUtils
         if ( configuredSearchFilter == null || configuredSearchFilter.isEmpty() )
         {
             searchFilter = FormUtility.ldapSearchFilterForForm( pwmApplication, configuredActivationForm );
-            LOGGER.trace( pwmRequest, "auto generated search filter based on activation form: " + searchFilter );
+            LOGGER.trace( pwmRequest, () -> "auto generated search filter based on activation form: " + searchFilter );
         }
         else
         {

server/src/main/java/password/pwm/http/servlet/admin/AdminServlet.java

@@ -370,7 +370,7 @@ public class AdminServlet extends ControlledPwmServlet
                 pwmRequest.readParameterAsString( "command" )
         );
 
-        LOGGER.trace( pwmRequest, "issuing command '" + reportCommand + "' to report engine" );
+        LOGGER.trace( pwmRequest, () -> "issuing command '" + reportCommand + "' to report engine" );
         pwmRequest.getPwmApplication().getReportService().executeCommand( reportCommand );
 
         final RestResultBean restResultBean = RestResultBean.forSuccessMessage( pwmRequest, Message.Success_Unknown );
@@ -495,7 +495,7 @@ public class AdminServlet extends ControlledPwmServlet
         final HashMap<String, Object> resultData = new HashMap<>( Collections.singletonMap( "records", records ) );
 
         final RestResultBean restResultBean = RestResultBean.withData( resultData );
-        LOGGER.debug( pwmRequest.getPwmSession(), "output " + records.size() + " audit records." );
+        LOGGER.debug( pwmRequest, () -> "output " + records.size() + " audit records." );
         pwmRequest.outputJsonResult( restResultBean );
         return ProcessStatus.Halt;
     }

server/src/main/java/password/pwm/http/servlet/changepw/ChangePasswordServlet.java

@@ -200,7 +200,7 @@ public abstract class ChangePasswordServlet extends ControlledPwmServlet
         catch ( PwmDataValidationException e )
         {
             setLastError( pwmRequest, e.getErrorInformation() );
-            LOGGER.debug( pwmRequest, "failed password validation check: " + e.getErrorInformation().toDebugStr() );
+            LOGGER.debug( pwmRequest, () -> "failed password validation check: " + e.getErrorInformation().toDebugStr() );
             return ProcessStatus.Continue;
         }
 
@@ -221,7 +221,7 @@ public abstract class ChangePasswordServlet extends ControlledPwmServlet
         }
         catch ( PwmOperationalException e )
         {
-            LOGGER.debug( e.getErrorInformation().toDebugStr() );
+            LOGGER.debug( () -> e.getErrorInformation().toDebugStr() );
             setLastError( pwmRequest, e.getErrorInformation() );
         }
 
@@ -233,7 +233,7 @@ public abstract class ChangePasswordServlet extends ControlledPwmServlet
     {
         final ChangePasswordBean changePasswordBean = pwmRequest.getPwmApplication().getSessionStateService().getBean( pwmRequest, ChangePasswordBean.class );
 
-        LOGGER.debug( pwmRequest, "user accepted password change agreement" );
+        LOGGER.debug( pwmRequest, () -> "user accepted password change agreement" );
         if ( !changePasswordBean.isAgreementPassed() )
         {
             changePasswordBean.setAgreementPassed( true );
@@ -265,7 +265,7 @@ public abstract class ChangePasswordServlet extends ControlledPwmServlet
         {
             if ( currentPassword == null )
             {
-                LOGGER.debug( pwmRequest, "failed password validation check: currentPassword value is missing" );
+                LOGGER.debug( pwmRequest, () -> "failed password validation check: currentPassword value is missing" );
                 setLastError( pwmRequest, new ErrorInformation( PwmError.ERROR_MISSING_PARAMETER ) );
                 return ProcessStatus.Continue;
             }
@@ -282,7 +282,7 @@ public abstract class ChangePasswordServlet extends ControlledPwmServlet
             {
                 pwmRequest.getPwmApplication().getIntruderManager().convenience().markUserIdentity(
                         userInfo.getUserIdentity(), pwmRequest.getSessionLabel() );
-                LOGGER.debug( pwmRequest, "failed password validation check: currentPassword value is incorrect" );
+                LOGGER.debug( pwmRequest, () -> "failed password validation check: currentPassword value is incorrect" );
                 setLastError( pwmRequest, new ErrorInformation( PwmError.ERROR_BAD_CURRENT_PASSWORD ) );
                 return ProcessStatus.Continue;
             }
@@ -335,7 +335,7 @@ public abstract class ChangePasswordServlet extends ControlledPwmServlet
             passwordChangeProgress = checker.figureProgress( progressTracker );
         }
         final RestResultBean restResultBean = RestResultBean.withData( passwordChangeProgress );
-        LOGGER.trace( pwmRequest, "returning result for restCheckProgress: " + JsonUtil.serialize( restResultBean ) );
+        LOGGER.trace( pwmRequest, () -> "returning result for restCheckProgress: " + JsonUtil.serialize( restResultBean ) );
         pwmRequest.outputJsonResult( restResultBean );
         return ProcessStatus.Halt;
     }
@@ -367,7 +367,7 @@ public abstract class ChangePasswordServlet extends ControlledPwmServlet
                 try
                 {
                     pwmRequest.getPwmApplication().getStatisticsManager().updateAverageValue( Statistic.AVG_PASSWORD_SYNC_TIME, totalTime.asMillis() );
-                    LOGGER.trace( pwmRequest, "password sync process marked completed (" + totalTime.asCompactString() + ")" );
+                    LOGGER.trace( pwmRequest, () -> "password sync process marked completed (" + totalTime.asCompactString() + ")" );
                 }
                 catch ( Exception e )
                 {
@@ -456,7 +456,7 @@ public abstract class ChangePasswordServlet extends ControlledPwmServlet
 
         if ( ChangePasswordServletUtil.warnPageShouldBeShown( pwmRequest, changePasswordBean ) )
         {
-            LOGGER.trace( pwmRequest, "password expiration is within password warn period, forwarding user to warning page" );
+            LOGGER.trace( pwmRequest, () -> "password expiration is within password warn period, forwarding user to warning page" );
             pwmRequest.forwardToJsp( JspUrl.PASSWORD_WARN );
             return;
         }
@@ -529,7 +529,7 @@ public abstract class ChangePasswordServlet extends ControlledPwmServlet
         if ( !pwmRequest.isAuthenticated() )
         {
             pwmRequest.respondWithError( PwmError.ERROR_AUTHENTICATION_REQUIRED.toInfo() );
-            LOGGER.debug( pwmRequest, "rejecting action request for unauthenticated session" );
+            LOGGER.debug( pwmRequest, () -> "rejecting action request for unauthenticated session" );
             return ProcessStatus.Halt;
 
         }

server/src/main/java/password/pwm/http/servlet/changepw/ChangePasswordServletUtil.java

@@ -73,7 +73,7 @@ public class ChangePasswordServletUtil
 
         if ( pwmSession.getLoginInfoBean().getType() == AuthenticationType.AUTH_FROM_PUBLIC_MODULE )
         {
-            LOGGER.debug( pwmSession, "skipping user current password requirement, authentication type is " + AuthenticationType.AUTH_FROM_PUBLIC_MODULE );
+            LOGGER.debug( pwmSession, () -> "skipping user current password requirement, authentication type is " + AuthenticationType.AUTH_FROM_PUBLIC_MODULE );
             return false;
         }
 
@@ -81,7 +81,7 @@ public class ChangePasswordServletUtil
             final PasswordData currentPassword = pwmSession.getLoginInfoBean().getUserCurrentPassword();
             if ( currentPassword == null )
             {
-                LOGGER.debug( pwmSession, "skipping user current password requirement, current password is not known to application" );
+                LOGGER.debug( pwmSession, () -> "skipping user current password requirement, current password is not known to application" );
                 return false;
             }
         }
@@ -122,10 +122,10 @@ public class ChangePasswordServletUtil
                                     attrName,
                             }
                     );
-                    LOGGER.debug( pwmSession, errorInfo.toDebugStr() );
+                    LOGGER.debug( pwmSession, errorInfo );
                     throw new PwmDataValidationException( errorInfo );
                 }
-                LOGGER.trace( pwmSession, "successful validation of ldap value for '" + attrName + "'" );
+                LOGGER.trace( pwmSession, () -> "successful validation of ldap value for '" + attrName + "'" );
             }
             catch ( ChaiOperationException e )
             {
@@ -154,7 +154,7 @@ public class ChangePasswordServletUtil
 
         if ( configuredEmailSetting == null )
         {
-            LOGGER.debug( pwmSession, "skipping change password email for '" + pwmSession.getUserInfo().getUserIdentity() + "' no email configured" );
+            LOGGER.debug( pwmSession, () -> "skipping change password email for '" + pwmSession.getUserInfo().getUserIdentity() + "' no email configured" );
             return;
         }
 
@@ -193,7 +193,7 @@ public class ChangePasswordServletUtil
 
             if ( allowChange )
             {
-                LOGGER.debug( pwmSession, "current password is too young, but skipping enforcement of minimum lifetime check due to setting "
+                LOGGER.debug( pwmSession, () -> "current password is too young, but skipping enforcement of minimum lifetime check due to setting "
                         + PwmSetting.RECOVERY_MINIMUM_PASSWORD_LIFETIME_OPTIONS.toMenuLocationDebug( null, pwmSession.getSessionStateBean().getLocale() ) );
             }
             else

server/src/main/java/password/pwm/http/servlet/command/CommandServlet.java

@@ -152,7 +152,7 @@ public abstract class CommandServlet extends ControlledPwmServlet
             final boolean forceLogoutOnChange = config.readSettingAsBoolean( PwmSetting.LOGOUT_AFTER_PASSWORD_CHANGE );
             if ( forceLogoutOnChange && pwmSession.getSessionStateBean().isPasswordModified() )
             {
-                LOGGER.trace( pwmSession, "logging out user; password has been modified" );
+                LOGGER.trace( pwmSession, () -> "logging out user; password has been modified" );
                 pwmRequest.sendRedirect( PwmServletDefinition.Logout );
                 return ProcessStatus.Halt;
             }
@@ -170,7 +170,7 @@ public abstract class CommandServlet extends ControlledPwmServlet
         final String referrer = pwmRequest.getHttpServletRequest().getHeader( "Referer" );
         final Instant pageLeaveNoticeTime = Instant.now();
         pwmSession.getSessionStateBean().setPageLeaveNoticeTime( pageLeaveNoticeTime );
-        LOGGER.debug( "pageLeaveNotice indicated at " + pageLeaveNoticeTime.toString() + ", referer=" + referrer );
+        LOGGER.debug( () -> "pageLeaveNotice indicated at " + pageLeaveNoticeTime.toString() + ", referer=" + referrer );
         if ( !pwmRequest.getPwmResponse().isCommitted() )
         {
             pwmRequest.getPwmResponse().setHeader( HttpHeader.CacheControl, "no-cache, no-store, must-revalidate" );
@@ -289,12 +289,12 @@ public abstract class CommandServlet extends ControlledPwmServlet
         final LocalSessionStateBean sessionStateBean = pwmRequest.getPwmSession().getSessionStateBean();
 
         final String redirectURL = pwmRequest.getForwardUrl();
-        LOGGER.trace( pwmRequest, "redirecting user to forward url: " + redirectURL );
+        LOGGER.trace( pwmRequest, () -> "redirecting user to forward url: " + redirectURL );
 
         // after redirecting we need to clear the session forward url
         if ( sessionStateBean.getForwardURL() != null )
         {
-            LOGGER.trace( pwmRequest, "clearing session forward url: " + sessionStateBean.getForwardURL() );
+            LOGGER.trace( pwmRequest, () -> "clearing session forward url: " + sessionStateBean.getForwardURL() );
             sessionStateBean.setForwardURL( null );
         }
 

server/src/main/java/password/pwm/http/servlet/configeditor/ConfigEditorServlet.java

@@ -452,7 +452,7 @@ public class ConfigEditorServlet extends ControlledPwmServlet
             final String password = postData.get( "password" );
             configManagerBean.getStoredConfiguration().setPassword( password );
             configManagerBean.setPasswordVerified( true );
-            LOGGER.debug( pwmRequest, "config password updated" );
+            LOGGER.debug( pwmRequest, () -> "config password updated" );
             final RestResultBean restResultBean = RestResultBean.forConfirmMessage( pwmRequest, Config.Confirm_ConfigPasswordStored );
 
             pwmRequest.outputJsonResult( restResultBean );
@@ -492,7 +492,7 @@ public class ConfigEditorServlet extends ControlledPwmServlet
                 ConfigManagerServlet.saveConfiguration( pwmRequest, configManagerBean.getStoredConfiguration() );
                 configManagerBean.setConfiguration( null );
                 configManagerBean.setConfiguration( null );
-                LOGGER.debug( pwmSession, "save configuration operation completed" );
+                LOGGER.debug( pwmSession, () -> "save configuration operation completed" );
                 pwmRequest.outputJsonResult( RestResultBean.forSuccessMessage( pwmRequest, Message.Success_Unknown ) );
             }
             catch ( PwmUnrecoverableException e )
@@ -650,7 +650,7 @@ public class ConfigEditorServlet extends ControlledPwmServlet
             }
 
             restResultBean = RestResultBean.withData( outputMap );
-            LOGGER.trace( pwmRequest, "finished search operation with " + returnData.size() + " results in " + TimeDuration.fromCurrent( startTime ).asCompactString() );
+            LOGGER.trace( pwmRequest, () -> "finished search operation with " + returnData.size() + " results in " + TimeDuration.fromCurrent( startTime ).asCompactString() );
         }
         else
         {
@@ -669,14 +669,14 @@ public class ConfigEditorServlet extends ControlledPwmServlet
     {
         final Instant startTime = Instant.now();
         final ConfigManagerBean configManagerBean = getBean( pwmRequest );
-        LOGGER.debug( pwmRequest, "beginning restLdapHealthCheck" );
+        LOGGER.debug( pwmRequest, () -> "beginning restLdapHealthCheck" );
         final String profileID = pwmRequest.readParameterAsString( "profile" );
         final Configuration config = new Configuration( configManagerBean.getStoredConfiguration() );
         final HealthData healthData = LDAPStatusChecker.healthForNewConfiguration( pwmRequest.getPwmApplication(), config, pwmRequest.getLocale(), profileID, true, true );
         final RestResultBean restResultBean = RestResultBean.withData( healthData );
 
         pwmRequest.outputJsonResult( restResultBean );
-        LOGGER.debug( pwmRequest, "completed restLdapHealthCheck in " + TimeDuration.fromCurrent( startTime ).asCompactString() );
+        LOGGER.debug( pwmRequest, () -> "completed restLdapHealthCheck in " + TimeDuration.fromCurrent( startTime ).asCompactString() );
         return ProcessStatus.Halt;
     }
 
@@ -688,13 +688,13 @@ public class ConfigEditorServlet extends ControlledPwmServlet
     {
         final Instant startTime = Instant.now();
         final ConfigManagerBean configManagerBean = getBean( pwmRequest );
-        LOGGER.debug( pwmRequest, "beginning restDatabaseHealthCheck" );
+        LOGGER.debug( pwmRequest, () -> "beginning restDatabaseHealthCheck" );
         final Configuration config = new Configuration( configManagerBean.getStoredConfiguration() );
         final List<HealthRecord> healthRecords = DatabaseStatusChecker.checkNewDatabaseStatus( pwmRequest.getPwmApplication(), config );
         final HealthData healthData = HealthRecord.asHealthDataBean( config, pwmRequest.getLocale(), healthRecords );
         final RestResultBean restResultBean = RestResultBean.withData( healthData );
         pwmRequest.outputJsonResult( restResultBean );
-        LOGGER.debug( pwmRequest, "completed restDatabaseHealthCheck in " + TimeDuration.fromCurrent( startTime ).asCompactString() );
+        LOGGER.debug( pwmRequest, () -> "completed restDatabaseHealthCheck in " + TimeDuration.fromCurrent( startTime ).asCompactString() );
         return ProcessStatus.Halt;
     }
 
@@ -706,7 +706,7 @@ public class ConfigEditorServlet extends ControlledPwmServlet
     {
         final Instant startTime = Instant.now();
         final ConfigManagerBean configManagerBean = getBean( pwmRequest );
-        LOGGER.debug( pwmRequest, "beginning restSmsHealthCheck" );
+        LOGGER.debug( pwmRequest, () -> "beginning restSmsHealthCheck" );
 
         final List<HealthRecord> returnRecords = new ArrayList<>();
         final Configuration config = new Configuration( configManagerBean.getStoredConfiguration() );
@@ -739,7 +739,7 @@ public class ConfigEditorServlet extends ControlledPwmServlet
         final HealthData healthData = HealthRecord.asHealthDataBean( config, pwmRequest.getLocale(), returnRecords );
         final RestResultBean restResultBean = RestResultBean.withData( healthData );
         pwmRequest.outputJsonResult( restResultBean );
-        LOGGER.debug( pwmRequest, "completed restSmsHealthCheck in " + TimeDuration.fromCurrent( startTime ).asCompactString() );
+        LOGGER.debug( pwmRequest, () -> "completed restSmsHealthCheck in " + TimeDuration.fromCurrent( startTime ).asCompactString() );
         return ProcessStatus.Halt;
     }
 
@@ -887,7 +887,7 @@ public class ConfigEditorServlet extends ControlledPwmServlet
         NavTreeHelper.moveNavItemToTopOfList( PwmSettingCategory.NOTES.toString(), navigationData );
         NavTreeHelper.moveNavItemToTopOfList( PwmSettingCategory.TEMPLATES.toString(), navigationData );
 
-        LOGGER.trace( pwmRequest, "completed navigation tree data request in " + TimeDuration.fromCurrent( startTime ).asCompactString() );
+        LOGGER.trace( pwmRequest, () -> "completed navigation tree data request in " + TimeDuration.fromCurrent( startTime ).asCompactString() );
         pwmRequest.outputJsonResult( RestResultBean.withData( navigationData ) );
         return ProcessStatus.Halt;
     }
@@ -1032,9 +1032,12 @@ public class ConfigEditorServlet extends ControlledPwmServlet
 
         ldapBrowser.close();
 
-        LOGGER.trace( pwmRequest, "performed ldapBrowse operation in "
-                + TimeDuration.fromCurrent( startTime ).asCompactString()
-                + ", result=" + JsonUtil.serialize( result ) );
+        {
+            final LdapBrowser.LdapBrowseResult finalResult = result;
+            LOGGER.trace( pwmRequest, () -> "performed ldapBrowse operation in "
+                    + TimeDuration.fromCurrent( startTime ).asCompactString()
+                    + ", result=" + JsonUtil.serialize( finalResult ) );
+        }
 
         pwmRequest.outputJsonResult( RestResultBean.withData( result ) );
         return ProcessStatus.Halt;

server/src/main/java/password/pwm/http/servlet/configguide/ConfigGuideServlet.java

@@ -402,8 +402,8 @@ public class ConfigGuideServlet extends ControlledPwmServlet
         final LdapBrowser.LdapBrowseResult result = ldapBrowser.doBrowse( profile, dn );
         ldapBrowser.close();
 
-        LOGGER.trace( pwmRequest, "performed ldapBrowse operation in "
-                + TimeDuration.fromCurrent( startTime ).asCompactString()
+        LOGGER.trace( pwmRequest, () -> "performed ldapBrowse operation in "
+                + TimeDuration.compactFromCurrent( startTime )
                 + ", result=" + JsonUtil.serialize( result ) );
 
         pwmRequest.outputJsonResult( RestResultBean.withData( result ) );

server/src/main/java/password/pwm/http/servlet/configguide/ConfigGuideUtils.java

@@ -239,7 +239,7 @@ public class ConfigGuideUtils
                         throw new PwmOperationalException( new ErrorInformation( PwmError.CONFIG_FORMAT_ERROR, configErrors.get( 0 ) ) );
                     }
                     ConfigGuideUtils.writeConfig( ContextManager.getContextManager( req.getSession() ), storedConfig );
-                    LOGGER.trace( pwmSession, "read config from file: " + storedConfig.toString() );
+                    LOGGER.trace( pwmSession, () -> "read config from file: " + storedConfig.toString() );
                     final RestResultBean restResultBean = RestResultBean.forSuccessMessage( pwmRequest, Message.Success_Unknown );
                     pwmRequest.getPwmResponse().outputJsonResult( restResultBean );
                     req.getSession().invalidate();

server/src/main/java/password/pwm/http/servlet/configmanager/ConfigManagerLocalDBServlet.java

@@ -146,7 +146,7 @@ public class ConfigManagerLocalDBServlet extends AbstractPwmServlet
             final int bufferSize = Integer.parseInt( pwmRequest.getConfig().readAppProperty( AppProperty.HTTP_DOWNLOAD_BUFFER_SIZE ) );
             final OutputStream bos = new BufferedOutputStream( resp.getOutputStream(), bufferSize );
             localDBUtility.exportLocalDB( bos, LOGGER.asAppendable( PwmLogLevel.DEBUG, pwmRequest.getSessionLabel() ), true );
-            LOGGER.debug( pwmRequest, "completed localDBExport process in " + TimeDuration.fromCurrent( startTime ).asCompactString() );
+            LOGGER.debug( pwmRequest, () -> "completed localDBExport process in " + TimeDuration.fromCurrent( startTime ).asCompactString() );
         }
         catch ( Exception e )
         {

server/src/main/java/password/pwm/http/servlet/configmanager/ConfigManagerServlet.java

@@ -271,7 +271,7 @@ public class ConfigManagerServlet extends AbstractPwmServlet
         {
             final ErrorInformation errorInfo = e.getErrorInformation();
             final RestResultBean restResultBean = RestResultBean.fromError( errorInfo, pwmRequest );
-            LOGGER.debug( pwmSession, errorInfo.toDebugStr() );
+            LOGGER.debug( pwmSession, errorInfo );
             pwmRequest.outputJsonResult( restResultBean );
             return;
         }
@@ -279,7 +279,7 @@ public class ConfigManagerServlet extends AbstractPwmServlet
         {
             final ErrorInformation errorInfo = new ErrorInformation( PwmError.ERROR_INTERNAL, e.getMessage() );
             final RestResultBean restResultBean = RestResultBean.fromError( errorInfo, pwmRequest );
-            LOGGER.debug( pwmSession, errorInfo.toDebugStr() );
+            LOGGER.debug( pwmSession, errorInfo );
             pwmRequest.outputJsonResult( restResultBean );
             return;
         }

server/src/main/java/password/pwm/http/servlet/configmanager/ConfigManagerWordlistServlet.java

@@ -168,7 +168,7 @@ public class ConfigManagerWordlistServlet extends AbstractPwmServlet
         {
             final ErrorInformation errorInfo = new ErrorInformation( PwmError.ERROR_INTERNAL, e.getMessage() );
             final RestResultBean restResultBean = RestResultBean.fromError( errorInfo, pwmRequest );
-            LOGGER.debug( pwmRequest, errorInfo.toDebugStr() );
+            LOGGER.debug( pwmRequest, errorInfo );
             pwmRequest.outputJsonResult( restResultBean );
             return;
         }

server/src/main/java/password/pwm/http/servlet/configmanager/DebugItemGenerator.java

@@ -125,7 +125,7 @@ public class DebugItemGenerator
             try
             {
                 final Instant startTime = Instant.now();
-                LOGGER.trace( pwmRequest, "beginning output of item " + serviceClass.getSimpleName() );
+                LOGGER.trace( pwmRequest, () -> "beginning output of item " + serviceClass.getSimpleName() );
                 final Object newInstance = serviceClass.newInstance();
                 final DebugItemGenerator.Generator newGeneratorItem = ( DebugItemGenerator.Generator ) newInstance;
                 zipOutput.putNextEntry( new ZipEntry( pathPrefix + newGeneratorItem.getFilename() ) );
@@ -134,7 +134,7 @@ public class DebugItemGenerator
                 zipOutput.flush();
                 final String finishMsg = "completed output of " + newGeneratorItem.getFilename()
                         + " in " + TimeDuration.fromCurrent( startTime ).asCompactString();
-                LOGGER.trace( pwmRequest, finishMsg );
+                LOGGER.trace( pwmRequest, () -> finishMsg );
                 debugGeneratorLogFile.printRecord( JavaHelper.toIsoDate( Instant.now() ), finishMsg );
             }
             catch ( Throwable e )

server/src/main/java/password/pwm/http/servlet/forgottenpw/ForgottenPasswordServlet.java

@@ -436,7 +436,7 @@ public class ForgottenPasswordServlet extends ControlledPwmServlet
                 if ( configuredSearchFilter == null || configuredSearchFilter.isEmpty() )
                 {
                     searchFilter = FormUtility.ldapSearchFilterForForm( pwmApplication, forgottenPasswordForm );
-                    LOGGER.trace( pwmSession, "auto generated ldap search filter: " + searchFilter );
+                    LOGGER.trace( pwmSession, () -> "auto generated ldap search filter: " + searchFilter );
                 }
                 else
                 {
@@ -486,7 +486,7 @@ public class ForgottenPasswordServlet extends ControlledPwmServlet
                 pwmApplication.getIntruderManager().convenience().markAddressAndSession( pwmSession );
                 pwmApplication.getIntruderManager().convenience().markAttributes( formValues, pwmSession );
 
-                LOGGER.debug( pwmSession, errorInfo.toDebugStr() );
+                LOGGER.debug( pwmSession, errorInfo );
                 setLastError( pwmRequest, errorInfo );
                 return ProcessStatus.Continue;
             }
@@ -544,7 +544,7 @@ public class ForgottenPasswordServlet extends ControlledPwmServlet
         }
         catch ( PwmUnrecoverableException e )
         {
-            LOGGER.debug( pwmRequest, "error while checking entered token: " );
+            LOGGER.debug( pwmRequest, () -> "error while checking entered token: " );
             errorInformation = e.getErrorInformation();
         }
         catch ( PwmOperationalException e )
@@ -600,7 +600,7 @@ public class ForgottenPasswordServlet extends ControlledPwmServlet
             forgottenPasswordBean.getProgress().setRemoteRecoveryMethod( null );
             pwmRequest.respondWithError( errorInformation, true );
             handleUserVerificationBadAttempt( pwmRequest, forgottenPasswordBean, errorInformation );
-            LOGGER.debug( pwmRequest, "unsuccessful remote response verification input: " + errorInformation.toDebugStr() );
+            LOGGER.debug( pwmRequest, () -> "unsuccessful remote response verification input: " + errorInformation.toDebugStr() );
             return ProcessStatus.Continue;
         }
 
@@ -619,7 +619,7 @@ public class ForgottenPasswordServlet extends ControlledPwmServlet
     {
         final ForgottenPasswordBean forgottenPasswordBean = forgottenPasswordBean( pwmRequest );
         final String userEnteredCode = pwmRequest.readParameterAsString( PwmConstants.PARAM_TOKEN );
-        LOGGER.debug( pwmRequest, String.format( "entered OTP: %s", userEnteredCode ) );
+        LOGGER.debug( pwmRequest, () -> String.format( "entered OTP: %s", userEnteredCode ) );
 
         final UserInfo userInfo = ForgottenPasswordUtil.readUserInfo( pwmRequest, forgottenPasswordBean );
         final OTPUserRecord otpUserRecord = userInfo.getOtpUserRecord();
@@ -642,7 +642,7 @@ public class ForgottenPasswordServlet extends ControlledPwmServlet
                 if ( otpPassed )
                 {
                     StatisticsManager.incrementStat( pwmRequest, Statistic.RECOVERY_OTP_PASSED );
-                    LOGGER.debug( pwmRequest, "one time password validation has been passed" );
+                    LOGGER.debug( pwmRequest, () -> "one time password validation has been passed" );
                     forgottenPasswordBean.getProgress().getSatisfiedMethods().add( IdentityVerificationMethod.OTP );
                 }
                 else
@@ -670,7 +670,7 @@ public class ForgottenPasswordServlet extends ControlledPwmServlet
         final ForgottenPasswordBean forgottenPasswordBean = forgottenPasswordBean( pwmRequest );
         if ( forgottenPasswordBean.getProgress().getInProgressVerificationMethod() != IdentityVerificationMethod.OAUTH )
         {
-            LOGGER.debug( pwmRequest, "oauth return detected, however current session did not issue an oauth request; will restart forgotten password sequence" );
+            LOGGER.debug( pwmRequest, () -> "oauth return detected, however current session did not issue an oauth request; will restart forgotten password sequence" );
             pwmRequest.getPwmApplication().getSessionStateService().clearBean( pwmRequest, ForgottenPasswordBean.class );
             pwmRequest.sendRedirect( PwmServletDefinition.ForgottenPassword );
             return ProcessStatus.Halt;
@@ -678,7 +678,7 @@ public class ForgottenPasswordServlet extends ControlledPwmServlet
 
         if ( forgottenPasswordBean.getUserIdentity() == null )
         {
-            LOGGER.debug( pwmRequest, "oauth return detected, however current session does not have a user identity stored; will restart forgotten password sequence" );
+            LOGGER.debug( pwmRequest, () -> "oauth return detected, however current session does not have a user identity stored; will restart forgotten password sequence" );
             pwmRequest.getPwmApplication().getSessionStateService().clearBean( pwmRequest, ForgottenPasswordBean.class );
             pwmRequest.sendRedirect( PwmServletDefinition.ForgottenPassword );
             return ProcessStatus.Halt;
@@ -686,7 +686,7 @@ public class ForgottenPasswordServlet extends ControlledPwmServlet
 
         final String encryptedResult = pwmRequest.readParameterAsString( PwmConstants.PARAM_RECOVERY_OAUTH_RESULT, PwmHttpRequestWrapper.Flag.BypassValidation );
         final OAuthForgottenPasswordResults results = pwmRequest.getPwmApplication().getSecureService().decryptObject( encryptedResult, OAuthForgottenPasswordResults.class );
-        LOGGER.trace( pwmRequest, "received " );
+        LOGGER.trace( pwmRequest, () -> "received" );
 
         final String userDNfromOAuth = results.getUsername();
         if ( userDNfromOAuth == null || userDNfromOAuth.isEmpty() )
@@ -781,7 +781,7 @@ public class ForgottenPasswordServlet extends ControlledPwmServlet
 
             if ( responsesPassed )
             {
-                LOGGER.debug( pwmRequest, "user '" + userIdentity + "' has supplied correct responses" );
+                LOGGER.debug( pwmRequest, () -> "user '" + userIdentity + "' has supplied correct responses" );
             }
             else
             {
@@ -793,7 +793,7 @@ public class ForgottenPasswordServlet extends ControlledPwmServlet
         }
         catch ( ChaiValidationException e )
         {
-            LOGGER.debug( pwmRequest, "chai validation error checking user responses: " + e.getMessage() );
+            LOGGER.debug( pwmRequest, () -> "chai validation error checking user responses: " + e.getMessage() );
             final ErrorInformation errorInformation = new ErrorInformation( PwmError.forChaiError( e.getErrorCode() ) );
             handleUserVerificationBadAttempt( pwmRequest, forgottenPasswordBean, errorInformation );
             return ProcessStatus.Continue;
@@ -830,7 +830,7 @@ public class ForgottenPasswordServlet extends ControlledPwmServlet
         }
 
         {
-            LOGGER.trace( pwmRequest, "preparing to send a new token to user" );
+            LOGGER.trace( pwmRequest, () -> "preparing to send a new token to user" );
             final long delayTime = Long.parseLong( pwmRequest.getConfig().readAppProperty( AppProperty.TOKEN_RESEND_DELAY_MS ) );
             JavaHelper.pause( delayTime );
         }
@@ -911,7 +911,7 @@ public class ForgottenPasswordServlet extends ControlledPwmServlet
                 {
                     if ( theUser.compareStringAttribute( attrName, entry.getValue() ) )
                     {
-                        LOGGER.trace( pwmRequest, "successful validation of ldap attribute value for '" + attrName + "'" );
+                        LOGGER.trace( pwmRequest, () -> "successful validation of ldap attribute value for '" + attrName + "'" );
                     }
                     else
                     {
@@ -970,7 +970,7 @@ public class ForgottenPasswordServlet extends ControlledPwmServlet
             final String profileDebugMsg = forgottenPasswordProfile != null && profileIDList != null && profileIDList.size() > 1
                     ? " profile=" + forgottenPasswordProfile.getIdentifier() + ", "
                     : "";
-            LOGGER.trace( pwmRequest, "entering forgotten password progress engine: "
+            LOGGER.trace( pwmRequest, () -> "entering forgotten password progress engine: "
                     + profileDebugMsg
                     + "flags=" + JsonUtil.serialize( recoveryFlags ) + ", "
                     + "progress=" + JsonUtil.serialize( progress ) );
@@ -993,7 +993,7 @@ public class ForgottenPasswordServlet extends ControlledPwmServlet
                 final String userGuid = LdapOperationsHelper.readLdapGuidValue( pwmApplication, pwmRequest.getSessionLabel(), userIdentity, true );
                 if ( ForgottenPasswordUtil.checkAuthRecord( pwmRequest, userGuid ) )
                 {
-                    LOGGER.debug( pwmRequest, "marking " + IdentityVerificationMethod.PREVIOUS_AUTH + " method as satisfied" );
+                    LOGGER.debug( pwmRequest, () -> "marking " + IdentityVerificationMethod.PREVIOUS_AUTH + " method as satisfied" );
                     progress.getSatisfiedMethods().add( IdentityVerificationMethod.PREVIOUS_AUTH );
                 }
             }
@@ -1047,7 +1047,7 @@ public class ForgottenPasswordServlet extends ControlledPwmServlet
                     if ( remainingAvailableOptionalMethods.size() == 1 )
                     {
                         final IdentityVerificationMethod remainingMethod = remainingAvailableOptionalMethods.iterator().next();
-                        LOGGER.debug( pwmRequest, "only 1 remaining available optional verification method, will redirect to " + remainingMethod.toString() );
+                        LOGGER.debug( pwmRequest, () -> "only 1 remaining available optional verification method, will redirect to " + remainingMethod.toString() );
                         forwardUserBasedOnRecoveryMethod( pwmRequest, remainingMethod );
                         progress.setInProgressVerificationMethod( remainingMethod );
                         return;
@@ -1113,7 +1113,7 @@ public class ForgottenPasswordServlet extends ControlledPwmServlet
         final boolean disallowAllButUnlock = minLifetimeOption == RecoveryMinLifetimeOption.UNLOCKONLY
                 && userInfo.isPasswordLocked();
 
-        LOGGER.trace( pwmRequest, "all recovery checks passed, proceeding to configured recovery action" );
+        LOGGER.trace( pwmRequest, () -> "all recovery checks passed, proceeding to configured recovery action" );
 
         final RecoveryAction recoveryAction = ForgottenPasswordUtil.getRecoveryAction( config, forgottenPasswordBean );
         if ( recoveryAction == RecoveryAction.SENDNEWPW || recoveryAction == RecoveryAction.SENDNEWPW_AND_EXPIRE )
@@ -1199,7 +1199,7 @@ public class ForgottenPasswordServlet extends ControlledPwmServlet
         {
             // try unlocking user
             theUser.unlockPassword();
-            LOGGER.trace( pwmSession, "unlock account succeeded" );
+            LOGGER.trace( pwmSession, () -> "unlock account succeeded" );
         }
         catch ( ChaiOperationException e )
         {
@@ -1287,7 +1287,7 @@ public class ForgottenPasswordServlet extends ControlledPwmServlet
                 {
                     // execute configured actions
                     final ChaiUser proxiedUser = pwmApplication.getProxiedChaiUser( userIdentity );
-                    LOGGER.debug( pwmSession, "executing post-forgotten password configured actions to user " + proxiedUser.getEntryDN() );
+                    LOGGER.debug( pwmSession, () -> "executing post-forgotten password configured actions to user " + proxiedUser.getEntryDN() );
                     final List<ActionConfiguration> configValues = pwmApplication.getConfig().readSettingAsAction( PwmSetting.FORGOTTEN_USER_POST_ACTIONS );
                     final ActionExecutor actionExecutor = new ActionExecutor.ActionExecutorSettings( pwmApplication, userIdentity )
                             .setMacroMachine( pwmSession.getSessionManager().getMacroMachine( pwmApplication ) )
@@ -1365,8 +1365,10 @@ public class ForgottenPasswordServlet extends ControlledPwmServlet
             return;
         }
 
-        LOGGER.debug( pwmRequest, "user initiated forgotten password recovery using '" + forgottenPasswordBean.getUserLocale() + "' locale, but current request locale is now '"
-                + pwmRequest.getLocale() + "', thus, the user progress will be restart and user data will be re-read using current locale" );
+        LOGGER.debug( pwmRequest, () -> "user initiated forgotten password recovery using '"
+                + forgottenPasswordBean.getUserLocale() + "' locale, but current request locale is now '"
+                + pwmRequest.getLocale()
+                + "', thus, the user progress will be restart and user data will be re-read using current locale" );
 
         try
         {
@@ -1394,7 +1396,7 @@ public class ForgottenPasswordServlet extends ControlledPwmServlet
     )
             throws ServletException, PwmUnrecoverableException, IOException
     {
-        LOGGER.debug( pwmRequest, "attempting to forward request to handle verification method " + method.toString() );
+        LOGGER.debug( pwmRequest, () -> "attempting to forward request to handle verification method " + method.toString() );
         final ForgottenPasswordBean forgottenPasswordBean = forgottenPasswordBean( pwmRequest );
         ForgottenPasswordUtil.verifyRequirementsForAuthMethod( pwmRequest, forgottenPasswordBean, method );
         switch ( method )

server/src/main/java/password/pwm/http/servlet/forgottenpw/ForgottenPasswordUtil.java

@@ -152,12 +152,12 @@ public class ForgottenPasswordUtil
             {
                 if ( userIdentity.equals( userInfoFromSession.getUserIdentity() ) )
                 {
-                    LOGGER.trace( pwmRequest, "using request cached userInfo" );
+                    LOGGER.trace( pwmRequest, () -> "using request cached userInfo" );
                     return userInfoFromSession;
                 }
                 else
                 {
-                    LOGGER.trace( pwmRequest, "request cached userInfo is not for current user, clearing." );
+                    LOGGER.trace( pwmRequest, () -> "request cached userInfo is not for current user, clearing." );
                     pwmRequest.getHttpServletRequest().getSession().setAttribute( cacheKey, null );
                 }
             }
@@ -218,7 +218,7 @@ public class ForgottenPasswordUtil
 
         if ( configuredEmailSetting == null )
         {
-            LOGGER.debug( pwmRequest, "skipping send unlock notice email for '" + userIdentity + "' no email configured" );
+            LOGGER.debug( pwmRequest, () -> "skipping send unlock notice email for '" + userIdentity + "' no email configured" );
             return;
         }
 
@@ -250,7 +250,7 @@ public class ForgottenPasswordUtil
             final String cookieName = pwmRequest.getConfig().readAppProperty( AppProperty.HTTP_COOKIE_AUTHRECORD_NAME );
             if ( cookieName == null || cookieName.isEmpty() )
             {
-                LOGGER.trace( pwmRequest, "skipping auth record cookie read, cookie name parameter is blank" );
+                LOGGER.trace( pwmRequest, () -> "skipping auth record cookie read, cookie name parameter is blank" );
                 return false;
             }
 
@@ -259,7 +259,7 @@ public class ForgottenPasswordUtil
             {
                 if ( authRecord.getGuid() != null && !authRecord.getGuid().isEmpty() && authRecord.getGuid().equals( userGuid ) )
                 {
-                    LOGGER.debug( pwmRequest, "auth record cookie validated" );
+                    LOGGER.debug( pwmRequest, () -> "auth record cookie validated" );
                     return true;
                 }
             }
@@ -439,7 +439,7 @@ public class ForgottenPasswordUtil
         final ForgottenPasswordProfile forgottenPasswordProfile = forgottenPasswordProfile( pwmRequest.getPwmApplication(), forgottenPasswordBean );
         final RecoveryAction recoveryAction = ForgottenPasswordUtil.getRecoveryAction( pwmApplication.getConfig(), forgottenPasswordBean );
 
-        LOGGER.trace( pwmRequest, "beginning process to send new password to user" );
+        LOGGER.trace( pwmRequest, () -> "beginning process to send new password to user" );
 
         if ( !forgottenPasswordBean.getProgress().isAllPassed() )
         {
@@ -453,7 +453,7 @@ public class ForgottenPasswordUtil
         {
             // try unlocking user
             theUser.unlockPassword();
-            LOGGER.trace( pwmRequest, "unlock account succeeded" );
+            LOGGER.trace( pwmRequest, () -> "unlock account succeeded" );
         }
         catch ( ChaiOperationException e )
         {
@@ -484,7 +484,7 @@ public class ForgottenPasswordUtil
                     userInfo.getPasswordPolicy(),
                     pwmApplication
             );
-            LOGGER.trace( pwmRequest, "generated random password value based on password policy for "
+            LOGGER.trace( pwmRequest, () -> "generated random password value based on password policy for "
                     + userIdentity.toDisplayString() );
 
 
@@ -492,7 +492,7 @@ public class ForgottenPasswordUtil
             try
             {
                 theUser.setPassword( newPassword.getStringValue() );
-                LOGGER.trace( pwmRequest, "set user " + userIdentity.toDisplayString()
+                LOGGER.trace( pwmRequest, () -> "set user " + userIdentity.toDisplayString()
                         + " password to system generated random value" );
             }
             catch ( ChaiException e )
@@ -502,7 +502,7 @@ public class ForgottenPasswordUtil
 
             if ( recoveryAction == RecoveryAction.SENDNEWPW_AND_EXPIRE )
             {
-                LOGGER.debug( pwmRequest, "marking user " + userIdentity.toDisplayString() + " password as expired" );
+                LOGGER.debug( pwmRequest, () -> "marking user " + userIdentity.toDisplayString() + " password as expired" );
                 theUser.expirePassword();
             }
 
@@ -625,7 +625,7 @@ public class ForgottenPasswordUtil
         }
         catch ( PwmUnrecoverableException e )
         {
-            LOGGER.debug( sessionLabel, "can't read user's forgotten password profile - assuming no profile assigned, error: " + e.getMessage() );
+            LOGGER.debug( sessionLabel, () -> "can't read user's forgotten password profile - assuming no profile assigned, error: " + e.getMessage() );
         }
 
         if ( forgottenPasswordProfile == null )
@@ -818,7 +818,7 @@ public class ForgottenPasswordUtil
                     }
                     else
                     {
-                        LOGGER.trace( pwmRequest, "excluding optional required attribute(" + formItem.getName() + "), user has no value" );
+                        LOGGER.trace( pwmRequest, () -> "excluding optional required attribute(" + formItem.getName() + "), user has no value" );
                     }
                 }
                 catch ( PwmUnrecoverableException e )

server/src/main/java/password/pwm/http/servlet/helpdesk/HelpdeskCardInfoBean.java

@@ -72,7 +72,7 @@ public class HelpdeskCardInfoBean implements Serializable
     {
         final HelpdeskCardInfoBean.HelpdeskCardInfoBeanBuilder builder = HelpdeskCardInfoBean.builder();
         final Instant startTime = Instant.now();
-        LOGGER.trace( pwmRequest, "beginning to assemble card data report for user " + userIdentity );
+        LOGGER.trace( pwmRequest, () -> "beginning to assemble card data report for user " + userIdentity );
         final Locale actorLocale = pwmRequest.getLocale();
         final ChaiUser theUser = HelpdeskServlet.getChaiUser( pwmRequest, helpdeskProfile, userIdentity );
 
@@ -101,7 +101,7 @@ public class HelpdeskCardInfoBean implements Serializable
 
         if ( pwmRequest.getConfig().isDevDebugMode() )
         {
-            LOGGER.trace( pwmRequest, "completed assembly of card data report for user " + userIdentity
+            LOGGER.trace( pwmRequest, () -> "completed assembly of card data report for user " + userIdentity
                     + " in " + timeDuration.asCompactString() + ", contents: " + JsonUtil.serialize( helpdeskCardInfoBean ) );
         }
 
@@ -157,7 +157,7 @@ public class HelpdeskCardInfoBean implements Serializable
 
         if ( !enabled )
         {
-            LOGGER.debug( pwmRequest, "detailed user data lookup for " + userIdentity.toString() + ", failed photo query filter, denying photo view" );
+            LOGGER.debug( pwmRequest, () -> "detailed user data lookup for " + userIdentity.toString() + ", failed photo query filter, denying photo view" );
             return null;
         }
 
@@ -177,7 +177,7 @@ public class HelpdeskCardInfoBean implements Serializable
             }
             catch ( PwmOperationalException e )
             {
-                LOGGER.debug( pwmRequest, "determined " + userIdentity + " does not have photo data available while generating detail data" );
+                LOGGER.debug( pwmRequest, () -> "determined " + userIdentity + " does not have photo data available while generating detail data" );
                 return null;
             }
         }

server/src/main/java/password/pwm/http/servlet/helpdesk/HelpdeskDetailInfoBean.java

@@ -113,7 +113,7 @@ public class HelpdeskDetailInfoBean implements Serializable
     {
         final HelpdeskDetailInfoBeanBuilder builder = HelpdeskDetailInfoBean.builder();
         final Instant startTime = Instant.now();
-        LOGGER.trace( pwmRequest, "beginning to assemble detail data report for user " + userIdentity );
+        LOGGER.trace( pwmRequest, () -> "beginning to assemble detail data report for user " + userIdentity );
         final Locale actorLocale = pwmRequest.getLocale();
         final ChaiUser theUser = HelpdeskServlet.getChaiUser( pwmRequest, helpdeskProfile, userIdentity );
 
@@ -231,7 +231,7 @@ public class HelpdeskDetailInfoBean implements Serializable
 
         if ( pwmRequest.getConfig().isDevDebugMode() )
         {
-            LOGGER.trace( pwmRequest, "completed assembly of detail data report for user " + userIdentity
+            LOGGER.trace( pwmRequest, () -> "completed assembly of detail data report for user " + userIdentity
                     + " in " + timeDuration.asCompactString() + ", contents: " + JsonUtil.serialize( helpdeskDetailInfoBean ) );
         }
 

server/src/main/java/password/pwm/http/servlet/helpdesk/HelpdeskServlet.java

@@ -221,7 +221,7 @@ public class HelpdeskServlet extends ControlledPwmServlet
         final HelpdeskClientDataBean returnValues = HelpdeskClientDataBean.fromConfig( helpdeskProfile, pwmRequest.getLocale() );
 
         final RestResultBean restResultBean = RestResultBean.withData( returnValues );
-        LOGGER.trace( pwmRequest, "returning clientData: " + JsonUtil.serialize( restResultBean ) );
+        LOGGER.trace( pwmRequest, () -> "returning clientData: " + JsonUtil.serialize( restResultBean ) );
         pwmRequest.outputJsonResult( restResultBean );
         return ProcessStatus.Halt;
     }
@@ -242,7 +242,7 @@ public class HelpdeskServlet extends ControlledPwmServlet
             return ProcessStatus.Halt;
         }
         final UserIdentity userIdentity = UserIdentity.fromKey( userKey, pwmRequest.getPwmApplication() );
-        LOGGER.debug( pwmRequest, "received executeAction request for user " + userIdentity.toString() );
+        LOGGER.debug( pwmRequest, () -> "received executeAction request for user " + userIdentity.toString() );
 
         final List<ActionConfiguration> actionConfigurations = helpdeskProfile.readSettingAsAction( PwmSetting.HELPDESK_ACTIONS );
         final String requestedName = pwmRequest.readParameterAsString( "name" );
@@ -259,7 +259,7 @@ public class HelpdeskServlet extends ControlledPwmServlet
         {
             final String errorMsg = "request to execute unknown action: " + requestedName;
             final ErrorInformation errorInformation = new ErrorInformation( PwmError.ERROR_INTERNAL, errorMsg );
-            LOGGER.debug( pwmRequest, errorInformation.toDebugStr() );
+            LOGGER.debug( pwmRequest, errorInformation );
             final RestResultBean restResultBean = RestResultBean.fromError( errorInformation, pwmRequest );
             pwmRequest.outputJsonResult( restResultBean );
             return ProcessStatus.Halt;
@@ -360,7 +360,7 @@ public class HelpdeskServlet extends ControlledPwmServlet
         {
             final String errorMsg = "error while attempting to delete user " + userIdentity.toString() + ", error: " + e.getMessage();
             final ErrorInformation errorInformation = new ErrorInformation( PwmError.ERROR_INTERNAL, errorMsg );
-            LOGGER.debug( pwmRequest, errorMsg );
+            LOGGER.debug( pwmRequest, () -> errorMsg );
             pwmRequest.outputJsonResult( RestResultBean.fromError( errorInformation, pwmRequest ) );
             return ProcessStatus.Halt;
         }
@@ -619,7 +619,7 @@ public class HelpdeskServlet extends ControlledPwmServlet
             final ChaiError passwordError = e.getErrorCode();
             final PwmError pwmError = PwmError.forChaiError( passwordError );
             pwmRequest.respondWithError( new ErrorInformation( pwmError == null ? PwmError.PASSWORD_UNKNOWN_VALIDATION : pwmError ) );
-            LOGGER.trace( pwmRequest, "ChaiPasswordPolicyException was thrown while resetting password: " + e.toString() );
+            LOGGER.trace( pwmRequest, () -> "ChaiPasswordPolicyException was thrown while resetting password: " + e.toString() );
             return ProcessStatus.Halt;
         }
         catch ( ChaiOperationException e )
@@ -792,7 +792,7 @@ public class HelpdeskServlet extends ControlledPwmServlet
         final String tokenKey = macroMachine.expandMacros( configuredTokenString );
         final EmailItemBean emailItemBean = config.readSettingAsEmail( PwmSetting.EMAIL_HELPDESK_TOKEN, pwmRequest.getLocale() );
 
-        LOGGER.debug( pwmRequest, "generated token code for " + userIdentity.toDelimitedKey() );
+        LOGGER.debug( pwmRequest, () -> "generated token code for " + userIdentity.toDelimitedKey() );
 
         final String smsMessage = config.readSettingAsLocalizedString( PwmSetting.SMS_HELPDESK_TOKEN_TEXT, pwmRequest.getLocale() );
 
@@ -832,7 +832,7 @@ public class HelpdeskServlet extends ControlledPwmServlet
 
         final RestResultBean restResultBean = RestResultBean.withData( helpdeskVerificationRequestBean );
         pwmRequest.outputJsonResult( restResultBean );
-        LOGGER.debug( pwmRequest, "helpdesk operator "
+        LOGGER.debug( pwmRequest, () -> "helpdesk operator "
                 + pwmRequest.getUserInfoIfLoggedIn().toDisplayString()
                 + " issued token for verification against user "
                 + userIdentity.toDisplayString()
@@ -1392,7 +1392,7 @@ public class HelpdeskServlet extends ControlledPwmServlet
         HelpdeskServletUtil.checkIfUserIdentityViewable( pwmRequest, helpdeskProfile, userIdentity  );
         final ChaiUser chaiUser = getChaiUser( pwmRequest, helpdeskProfile, userIdentity );
 
-        LOGGER.debug( pwmRequest, "received user photo request to view user " + userIdentity.toString() );
+        LOGGER.debug( pwmRequest, () -> "received user photo request to view user " + userIdentity.toString() );
 
         final PhotoDataBean photoData;
         try

server/src/main/java/password/pwm/http/servlet/helpdesk/HelpdeskServletUtil.java

@@ -212,7 +212,7 @@ public class HelpdeskServletUtil
             final ErrorInformation errorInformation = new ErrorInformation( PwmError.ERROR_UNAUTHORIZED, errorMsg );
             throw new PwmUnrecoverableException( errorInformation );
         }
-        LOGGER.trace( pwmRequest, "helpdesk detail view request for user details of " + userIdentity.toString() + " by actor " + actorUserIdentity.toString() );
+        LOGGER.trace( pwmRequest, () -> "helpdesk detail view request for user details of " + userIdentity.toString() + " by actor " + actorUserIdentity.toString() );
 
         final HelpdeskVerificationStateBean verificationStateBean = HelpdeskVerificationStateBean.fromClientString(
                 pwmRequest,
@@ -291,7 +291,7 @@ public class HelpdeskServletUtil
 
         if ( configuredEmailSetting == null )
         {
-            LOGGER.debug( pwmRequest, "skipping send helpdesk unlock notice email for '" + userIdentity + "' no email configured" );
+            LOGGER.debug( pwmRequest, () -> "skipping send helpdesk unlock notice email for '" + userIdentity + "' no email configured" );
             return;
         }
 

server/src/main/java/password/pwm/http/servlet/helpdesk/HelpdeskVerificationStateBean.java

@@ -185,7 +185,10 @@ class HelpdeskVerificationStateBean implements Serializable
         state.maximumAge = maxAge;
         state.purgeOldRecords();
 
-        LOGGER.debug( pwmRequest, "read current state: " + JsonUtil.serialize( state ) );
+        {
+            final HelpdeskVerificationStateBean finalState = state;
+            LOGGER.debug( pwmRequest, () -> "read current state: " + JsonUtil.serialize( finalState ) );
+        }
 
         return state;
     }

server/src/main/java/password/pwm/http/servlet/newuser/NewUserServlet.java

@@ -213,12 +213,12 @@ public class NewUserServlet extends ControlledPwmServlet
             if ( visibleProfiles.size() == 1 )
             {
                 final String singleID = newUserProfileIDs.iterator().next();
-                LOGGER.trace( pwmRequest, "only one new user profile is defined, auto-selecting profile " + singleID );
+                LOGGER.trace( pwmRequest, () -> "only one new user profile is defined, auto-selecting profile " + singleID );
                 newUserBean.setProfileID( singleID );
             }
             else
             {
-                LOGGER.trace( pwmRequest, "new user profile not yet selected, redirecting to choice page" );
+                LOGGER.trace( pwmRequest, () -> "new user profile not yet selected, redirecting to choice page" );
                 pwmRequest.setAttribute( PwmRequestAttribute.NewUser_VisibleProfiles, visibleProfiles );
                 pwmRequest.forwardToJsp( JspUrl.NEW_USER_PROFILE_CHOICE );
                 return;
@@ -334,7 +334,7 @@ public class NewUserServlet extends ControlledPwmServlet
                 final Collection<String> profileIDs = pwmRequest.getConfig().getNewUserProfiles().keySet();
                 if ( profileIDs.contains( requestedProfile ) )
                 {
-                    LOGGER.debug( pwmRequest, "detected profile on request uri: " + requestedProfile );
+                    LOGGER.debug( pwmRequest, () -> "detected profile on request uri: " + requestedProfile );
                     newUserBean.setProfileID( requestedProfile );
                     newUserBean.setUrlSpecifiedProfile( true );
                     pwmRequest.sendRedirect( PwmServletDefinition.NewUser );
@@ -343,7 +343,7 @@ public class NewUserServlet extends ControlledPwmServlet
                 else
                 {
                     final String errorMsg = "unknown requested new user profile";
-                    LOGGER.debug( pwmRequest, errorMsg + ": " + requestedProfile );
+                    LOGGER.debug( pwmRequest, () -> errorMsg + ": " + requestedProfile );
                     throw new PwmUnrecoverableException( new ErrorInformation( PwmError.ERROR_SERVICE_NOT_AVAILABLE ) );
                 }
             }
@@ -385,7 +385,7 @@ public class NewUserServlet extends ControlledPwmServlet
         catch ( PwmOperationalException e )
         {
             final RestResultBean restResultBean = RestResultBean.fromError( e.getErrorInformation(), pwmRequest );
-            LOGGER.debug( pwmRequest, "error while validating new user form: " + e.getMessage() );
+            LOGGER.debug( pwmRequest, () -> "error while validating new user form: " + e.getMessage() );
             pwmRequest.outputJsonResult( restResultBean );
         }
 
@@ -476,7 +476,7 @@ public class NewUserServlet extends ControlledPwmServlet
         }
         catch ( PwmUnrecoverableException e )
         {
-            LOGGER.debug( pwmRequest, "error while checking entered token: " );
+            LOGGER.debug( pwmRequest, () -> "error while checking entered token: " );
             errorInformation = e.getErrorInformation();
         }
 
@@ -512,7 +512,7 @@ public class NewUserServlet extends ControlledPwmServlet
                 {
                     if ( newUserBean.getNewUserForm() == null || !newUserBean.getNewUserForm().isConsistentWith( newUserFormFromToken ) )
                     {
-                        LOGGER.debug( pwmRequest, "token value is valid, but form data does not match current session form data" );
+                        LOGGER.debug( pwmRequest, () -> "token value is valid, but form data does not match current session form data" );
                         final String errorMsg = "sms token does not match current session";
                         errorInformation = new ErrorInformation( PwmError.ERROR_TOKEN_INCORRECT, errorMsg );
                     }
@@ -526,12 +526,12 @@ public class NewUserServlet extends ControlledPwmServlet
 
         if ( errorInformation != null )
         {
-            LOGGER.debug( pwmSession, errorInformation.toDebugStr() );
+            LOGGER.debug( pwmSession, errorInformation );
             setLastError( pwmRequest, errorInformation );
             return ProcessStatus.Continue;
         }
 
-        LOGGER.debug( pwmRequest, "marking token as passed " + JsonUtil.serialize( tokenDestinationItem ) );
+        LOGGER.debug( pwmRequest, () -> "marking token as passed " + JsonUtil.serialize( tokenDestinationItem ) );
         newUserBean.getCompletedTokenFields().add( newUserBean.getCurrentTokenField() );
         newUserBean.setTokenSent( false );
         newUserBean.setCurrentTokenField( null );
@@ -646,7 +646,7 @@ public class NewUserServlet extends ControlledPwmServlet
 
         final RestResultBean restResultBean = RestResultBean.withData( outputMap );
 
-        LOGGER.trace( pwmRequest, "returning result for restCheckProgress: " + JsonUtil.serialize( restResultBean ) );
+        LOGGER.trace( pwmRequest, () -> "returning result for restCheckProgress: " + JsonUtil.serialize( restResultBean ) );
         pwmRequest.outputJsonResult( restResultBean );
         return ProcessStatus.Halt;
     }
@@ -657,7 +657,7 @@ public class NewUserServlet extends ControlledPwmServlet
     )
             throws ServletException, IOException, PwmUnrecoverableException, ChaiUnavailableException
     {
-        LOGGER.debug( pwmRequest, "user accepted new-user agreement" );
+        LOGGER.debug( pwmRequest, () -> "user accepted new-user agreement" );
 
         final NewUserBean newUserBean = getNewUserBean( pwmRequest );
         newUserBean.setAgreementPassed( true );

server/src/main/java/password/pwm/http/servlet/newuser/NewUserUtils.java

@@ -139,7 +139,7 @@ class NewUserUtils
             passwordCheckInfoToException( passwordCheckInfo );
         }
 
-        NewUserUtils.LOGGER.debug( pwmSession, "beginning createUser process for " + newUserDN );
+        NewUserUtils.LOGGER.debug( pwmSession, () -> "beginning createUser process for " + newUserDN );
 
         final NewUserProfile newUserProfile = NewUserServlet.getNewUserProfile( pwmRequest );
         final boolean promptForPassword = newUserProfile.readSettingAsBoolean( PwmSetting.NEWUSER_PROMPT_FOR_PASSWORD );
@@ -201,7 +201,7 @@ class NewUserUtils
 
         if ( useTempPw )
         {
-            NewUserUtils.LOGGER.trace( pwmSession, "will use temporary password process for new user entry: " + newUserDN );
+            NewUserUtils.LOGGER.trace( pwmSession, () -> "will use temporary password process for new user entry: " + newUserDN );
             final PasswordData temporaryPassword;
             {
                 final RandomPasswordGenerator.RandomGeneratorConfig randomGeneratorConfig = RandomPasswordGenerator.RandomGeneratorConfig.builder()
@@ -214,7 +214,7 @@ class NewUserUtils
             {
                 //set password as admin
                 proxiedUser.setPassword( temporaryPassword.getStringValue() );
-                NewUserUtils.LOGGER.debug( pwmSession, "set temporary password for new user entry: " + newUserDN );
+                NewUserUtils.LOGGER.debug( pwmSession, () -> "set temporary password for new user entry: " + newUserDN );
             }
             catch ( ChaiOperationException e )
             {
@@ -229,7 +229,7 @@ class NewUserUtils
             {
                 try
                 {
-                    NewUserUtils.LOGGER.debug( pwmSession,
+                    NewUserUtils.LOGGER.debug( pwmSession, () ->
                             "setting userAccountControl attribute to enable account " + theUser.getEntryDN() );
                     theUser.writeStringAttribute( "userAccountControl", "512" );
                 }
@@ -245,7 +245,7 @@ class NewUserUtils
             try
             {
                 // bind as user
-                NewUserUtils.LOGGER.debug( pwmSession,
+                NewUserUtils.LOGGER.debug( pwmSession, () ->
                         "attempting bind as user to then allow changing to requested password for new user entry: " + newUserDN );
                 final ChaiConfiguration chaiConfiguration = ChaiConfiguration.builder( chaiProvider.getChaiConfiguration() )
                         .setSetting( ChaiSetting.BIND_DN, newUserDN )
@@ -254,7 +254,7 @@ class NewUserUtils
                 final ChaiProvider bindAsProvider = pwmApplication.getLdapConnectionService().getChaiProviderFactory().newProvider( chaiConfiguration );
                 final ChaiUser bindAsUser = bindAsProvider.getEntryFactory().newChaiUser( newUserDN );
                 bindAsUser.changePassword( temporaryPassword.getStringValue(), userPassword.getStringValue() );
-                NewUserUtils.LOGGER.debug( pwmSession, "changed to user requested password for new user entry: " + newUserDN );
+                NewUserUtils.LOGGER.debug( pwmSession, () -> "changed to user requested password for new user entry: " + newUserDN );
                 bindAsProvider.close();
             }
             catch ( ChaiOperationException e )
@@ -271,7 +271,7 @@ class NewUserUtils
             {
                 //set password
                 theUser.setPassword( userPassword.getStringValue() );
-                NewUserUtils.LOGGER.debug( pwmSession, "set user requested password for new user entry: " + newUserDN );
+                NewUserUtils.LOGGER.debug( pwmSession, () -> "set user requested password for new user entry: " + newUserDN );
             }
             catch ( ChaiOperationException e )
             {
@@ -298,7 +298,7 @@ class NewUserUtils
             }
         }
 
-        NewUserUtils.LOGGER.trace( pwmSession, "new user ldap creation process complete, now authenticating user" );
+        NewUserUtils.LOGGER.trace( pwmSession, () -> "new user ldap creation process complete, now authenticating user" );
 
         // write data to remote web service
         remoteWriteFormData( pwmRequest, newUserForm );
@@ -314,7 +314,7 @@ class NewUserUtils
                     PwmSetting.NEWUSER_WRITE_ATTRIBUTES );
             if ( actions != null && !actions.isEmpty() )
             {
-                NewUserUtils.LOGGER.debug( pwmSession, "executing configured actions to user " + theUser.getEntryDN() );
+                NewUserUtils.LOGGER.debug( pwmSession, () -> "executing configured actions to user " + theUser.getEntryDN() );
 
                 final ActionExecutor actionExecutor = new ActionExecutor.ActionExecutorSettings( pwmApplication, userIdentity )
                         .setExpandPwmMacros( true )
@@ -335,7 +335,7 @@ class NewUserUtils
         // increment the new user creation statistics
         pwmApplication.getStatisticsManager().incrementValue( Statistic.NEW_USERS );
 
-        NewUserUtils.LOGGER.debug( pwmSession, "completed createUser process for " + newUserDN + " (" + TimeDuration.fromCurrent(
+        NewUserUtils.LOGGER.debug( pwmSession, () -> "completed createUser process for " + newUserDN + " (" + TimeDuration.fromCurrent(
                 startTime ).asCompactString() + ")" );
     }
 
@@ -392,7 +392,7 @@ class NewUserUtils
             }
             final String escapedName = StringUtil.escapeLdapDN( namingValue );
             final String generatedDN = namingAttribute + "=" + escapedName + "," + expandedContext;
-            NewUserUtils.LOGGER.debug( pwmRequest, "generated dn for new user: " + generatedDN );
+            NewUserUtils.LOGGER.debug( pwmRequest, () -> "generated dn for new user: " + generatedDN );
             return generatedDN;
         }
 
@@ -409,11 +409,11 @@ class NewUserUtils
 
                 if ( !testIfEntryNameExists( pwmRequest, expandedName ) )
                 {
-                    NewUserUtils.LOGGER.trace( pwmRequest, "generated entry name for new user is unique: " + expandedName );
+                    NewUserUtils.LOGGER.trace( pwmRequest, () -> "generated entry name for new user is unique: " + expandedName );
                     final String namingAttribute = pwmRequest.getConfig().getDefaultLdapProfile().readSettingAsString( PwmSetting.LDAP_NAMING_ATTRIBUTE );
                     final String escapedName = StringUtil.escapeLdapDN( expandedName );
                     generatedDN = namingAttribute + "=" + escapedName + "," + expandedContext;
-                    NewUserUtils.LOGGER.debug( pwmRequest, "generated dn for new user: " + generatedDN );
+                    NewUserUtils.LOGGER.debug( pwmRequest, () -> "generated dn for new user: " + generatedDN );
                     return generatedDN;
                 }
                 else
@@ -422,7 +422,7 @@ class NewUserUtils
                 }
             }
 
-            NewUserUtils.LOGGER.debug( pwmRequest, "generated entry name for new user is not unique, will try again" );
+            NewUserUtils.LOGGER.debug( pwmRequest, () -> "generated entry name for new user is not unique, will try again" );
             attemptCount++;
         }
         NewUserUtils.LOGGER.error( pwmRequest,
@@ -470,7 +470,7 @@ class NewUserUtils
 
         if ( configuredEmailSetting == null )
         {
-            NewUserUtils.LOGGER.debug( pwmSession,
+            NewUserUtils.LOGGER.debug( pwmSession, () ->
                     "skipping send of new user email for '" + userInfo.getUserIdentity().getUserDN() + "' no email configured" );
             return;
         }

server/src/main/java/password/pwm/http/servlet/oauth/OAuthConsumerServlet.java

@@ -88,7 +88,8 @@ public class OAuthConsumerServlet extends AbstractPwmServlet
                 ? oAuthRequestState.get().getoAuthState().getUseCase()
                 : OAuthUseCase.Authentication;
 
-        LOGGER.trace( pwmRequest, "processing oauth return request, useCase=" + oAuthUseCaseCase + ", incoming oAuthRequestState="
+        LOGGER.trace( pwmRequest, () -> "processing oauth return request, useCase=" + oAuthUseCaseCase
+                + ", incoming oAuthRequestState="
                 + ( oAuthRequestState.isPresent() ? JsonUtil.serialize( oAuthRequestState.get() ) : "none" )
         );
 
@@ -102,7 +103,7 @@ public class OAuthConsumerServlet extends AbstractPwmServlet
                     if ( oAuthRequestState.isPresent() )
                     {
                         final String nextUrl = oAuthRequestState.get().getoAuthState().getNextUrl();
-                        LOGGER.debug( pwmSession, "received unrecognized oauth response, ignoring authcode and redirecting to embedded next url: " + nextUrl );
+                        LOGGER.debug( pwmSession, () -> "received unrecognized oauth response, ignoring authcode and redirecting to embedded next url: " + nextUrl );
                         pwmRequest.sendRedirect( nextUrl );
                         return;
                     }
@@ -139,7 +140,7 @@ public class OAuthConsumerServlet extends AbstractPwmServlet
             switch ( oAuthUseCaseCase )
             {
                 case Authentication:
-                    LOGGER.debug( pwmSession, "oauth consumer reached, but user is already authenticated; will proceed and verify authcode matches current user identity." );
+                    LOGGER.debug( pwmSession, () -> "oauth consumer reached, but user is already authenticated; will proceed and verify authcode matches current user identity." );
                     break;
 
                 case ForgottenPassword:
@@ -179,14 +180,14 @@ public class OAuthConsumerServlet extends AbstractPwmServlet
                 switch ( oAuthUseCaseCase )
                 {
                     case Authentication:
-                        LOGGER.debug( pwmSession, "oauth consumer reached but response is not for a request issued during the current session,"
+                        LOGGER.debug( pwmSession, () -> "oauth consumer reached but response is not for a request issued during the current session,"
                                 + " will redirect back to oauth server for verification update" );
                         final String nextURL = oauthState.getNextUrl();
                         oAuthMachine.redirectUserToOAuthServer( pwmRequest, nextURL, null, null );
                         return;
 
                     case ForgottenPassword:
-                        LOGGER.debug( pwmSession, "oauth consumer reached but response is not for a request issued during the current session,"
+                        LOGGER.debug( pwmSession, () -> "oauth consumer reached but response is not for a request issued during the current session,"
                                 + " will redirect back to forgotten password servlet" );
                         pwmRequest.sendRedirect( PwmServletDefinition.ForgottenPassword );
                         return;
@@ -205,7 +206,7 @@ public class OAuthConsumerServlet extends AbstractPwmServlet
         }
 
         final String requestCodeStr = pwmRequest.readParameterAsString( config.readAppProperty( AppProperty.HTTP_PARAM_OAUTH_CODE ) );
-        LOGGER.trace( pwmSession, "received code from oauth server: " + requestCodeStr );
+        LOGGER.trace( pwmSession, () -> "received code from oauth server: " + requestCodeStr );
 
         final OAuthResolveResults resolveResults;
         try
@@ -256,7 +257,7 @@ public class OAuthConsumerServlet extends AbstractPwmServlet
             }
         }
 
-        LOGGER.debug( pwmSession, "received user login id value from OAuth server: " + oauthSuppliedUsername );
+        LOGGER.debug( pwmSession, () -> "received user login id value from OAuth server: " + oauthSuppliedUsername );
 
         if ( oAuthUseCaseCase == OAuthUseCase.ForgottenPassword )
         {
@@ -277,7 +278,7 @@ public class OAuthConsumerServlet extends AbstractPwmServlet
                 );
                 if ( resolvedIdentity != null && resolvedIdentity.canonicalEquals( pwmSession.getUserInfo().getUserIdentity(), pwmApplication ) )
                 {
-                    LOGGER.debug( pwmSession, "verified incoming oauth code for already authenticated session does resolve to same as logged in user" );
+                    LOGGER.debug( pwmSession, () -> "verified incoming oauth code for already authenticated session does resolve to same as logged in user" );
                 }
                 else
                 {
@@ -312,7 +313,7 @@ public class OAuthConsumerServlet extends AbstractPwmServlet
 
             // forward to nextUrl
             final String nextUrl = oauthState.getNextUrl();
-            LOGGER.debug( pwmSession, "oauth authentication completed, redirecting to originally requested URL: " + nextUrl );
+            LOGGER.debug( pwmSession, () -> "oauth authentication completed, redirecting to originally requested URL: " + nextUrl );
             pwmRequest.sendRedirect( nextUrl );
         }
         catch ( PwmException e )
@@ -323,7 +324,7 @@ public class OAuthConsumerServlet extends AbstractPwmServlet
             return;
         }
 
-        LOGGER.trace( pwmSession, "OAuth login sequence successfully completed" );
+        LOGGER.trace( pwmSession, () -> "OAuth login sequence successfully completed" );
     }
 
     private static OAuthSettings makeOAuthSettings( final PwmRequest pwmRequest, final OAuthState oAuthState ) throws IOException, ServletException, PwmUnrecoverableException
@@ -361,7 +362,7 @@ public class OAuthConsumerServlet extends AbstractPwmServlet
 
         final String nextUrl = pwmRequest.getContextPath() + PwmServletDefinition.ForgottenPassword.servletUrl();
         final String redirectUrl = PwmURL.appendAndEncodeUrlParameters( nextUrl, httpParams );
-        LOGGER.debug( pwmRequest, "forgotten password oauth sequence complete, redirecting to forgotten password with result data: " + JsonUtil.serialize( results ) );
+        LOGGER.debug( pwmRequest, () -> "forgotten password oauth sequence complete, redirecting to forgotten password with result data: " + JsonUtil.serialize( results ) );
         pwmRequest.sendRedirect( redirectUrl );
     }
 }

server/src/main/java/password/pwm/http/servlet/oauth/OAuthMachine.java

@@ -85,7 +85,7 @@ public class OAuthMachine
             if ( oAuthState != null )
             {
                 final boolean sessionMatch = oAuthState.getSessionID().equals( pwmRequest.getPwmSession().getSessionStateBean().getSessionVerificationKey() );
-                LOGGER.trace( pwmRequest, "read state while parsing oauth consumer request with match=" + sessionMatch + ", " + JsonUtil.serialize( oAuthState ) );
+                LOGGER.trace( pwmRequest, () -> "read state while parsing oauth consumer request with match=" + sessionMatch + ", " + JsonUtil.serialize( oAuthState ) );
                 return Optional.of( new OAuthRequestState( oAuthState, sessionMatch ) );
             }
         }
@@ -103,7 +103,7 @@ public class OAuthMachine
             throws PwmUnrecoverableException, IOException
     {
 
-        LOGGER.trace( pwmRequest, "preparing to redirect user to oauth authentication service, setting nextUrl to " + nextUrl );
+        LOGGER.trace( pwmRequest, () -> "preparing to redirect user to oauth authentication service, setting nextUrl to " + nextUrl );
         pwmRequest.getPwmSession().getSessionStateBean().setOauthInProgress( true );
 
         final Configuration config = pwmRequest.getConfig();
@@ -132,7 +132,7 @@ public class OAuthMachine
         {
             pwmRequest.sendRedirect( redirectUrl );
             pwmRequest.getPwmSession().getSessionStateBean().setOauthInProgress( true );
-            LOGGER.debug( pwmRequest, "redirecting user to oauth id server, url: " + redirectUrl );
+            LOGGER.debug( pwmRequest, () -> "redirecting user to oauth id server, url: " + redirectUrl );
         }
         catch ( PwmUnrecoverableException e )
         {
@@ -348,7 +348,7 @@ public class OAuthMachine
             return false;
         }
 
-        LOGGER.trace( pwmRequest, "oauth access token has expired, attempting to refresh" );
+        LOGGER.trace( pwmRequest, () -> "oauth access token has expired, attempting to refresh" );
 
         try
         {
@@ -359,7 +359,7 @@ public class OAuthMachine
                 if ( resolveResults.getExpiresSeconds() > 0 )
                 {
                     final Instant accessTokenExpirationDate = Instant.ofEpochMilli( System.currentTimeMillis() + 1000 * resolveResults.getExpiresSeconds() );
-                    LOGGER.trace( pwmRequest, "noted oauth access token expiration at timestamp " + JavaHelper.toIsoDate( accessTokenExpirationDate ) );
+                    LOGGER.trace( pwmRequest, () -> "noted oauth access token expiration at timestamp " + JavaHelper.toIsoDate( accessTokenExpirationDate ) );
                     loginInfoBean.setOauthExp( accessTokenExpirationDate );
                     loginInfoBean.setOauthRefToken( resolveResults.getRefreshToken() );
                     return false;
@@ -402,7 +402,7 @@ public class OAuthMachine
                 throw new IllegalStateException( "unexpected oAuthUseCase: " + oAuthUseCase );
         }
 
-        LOGGER.trace( pwmRequest, "issuing oauth state id="
+        LOGGER.trace( pwmRequest, () -> "issuing oauth state id="
                 + oAuthState.getStateID() + " with the next destination URL set to " + oAuthState.getNextUrl() );
 
 
@@ -429,7 +429,7 @@ public class OAuthMachine
 
         final MacroMachine macroMachine = MacroMachine.forUser( pwmRequest, userIdentity );
         final String username = macroMachine.expandMacros( macroText );
-        LOGGER.debug( pwmRequest, "calculated username value for user as: " + username );
+        LOGGER.debug( pwmRequest, () -> "calculated username value for user as: " + username );
 
         final String grantUrl = settings.getLoginURL();
         final String signUrl = grantUrl.replace( "/grant", "/sign" );
@@ -446,13 +446,13 @@ public class OAuthMachine
             requestPayload.put( "data", JsonUtil.serializeCollection( listWrapper ) );
         }
 
-        LOGGER.debug( pwmRequest, "preparing to send username to OAuth /sign endpoint for future injection to /grant redirect" );
+        LOGGER.debug( pwmRequest, () -> "preparing to send username to OAuth /sign endpoint for future injection to /grant redirect" );
         final PwmHttpClientResponse restResults = makeHttpRequest( pwmRequest, "OAuth pre-inject username signing service", settings, signUrl, requestPayload );
 
         final String resultBody = restResults.getBody();
         final Map<String, String> resultBodyMap = JsonUtil.deserializeStringMap( resultBody );
         final String data = resultBodyMap.get( "data" );
-        LOGGER.debug( pwmRequest, "oauth /sign endpoint returned signed username data: " + data );
+        LOGGER.debug( pwmRequest, () -> "oauth /sign endpoint returned signed username data: " + data );
         return data;
     }
 }

server/src/main/java/password/pwm/http/servlet/peoplesearch/PeopleSearchDataReader.java

@@ -128,7 +128,7 @@ class PeopleSearchDataReader
 
         StatisticsManager.incrementStat( pwmRequest, Statistic.PEOPLESEARCH_SEARCHES );
         storeDataInCache( pwmRequest.getPwmApplication(), cacheKey, searchResultBean );
-        LOGGER.trace( pwmRequest, "returning " + searchResultBean.getSearchResults().size()
+        LOGGER.trace( pwmRequest, () -> "returning " + searchResultBean.getSearchResults().size()
                 + " results for search request "
                 + JsonUtil.serialize( searchRequestBean ) );
         return searchResultBean;
@@ -154,7 +154,7 @@ class PeopleSearchDataReader
             if ( cachedOutput != null )
             {
                 StatisticsManager.incrementStat( pwmRequest, Statistic.PEOPLESEARCH_CACHE_HITS );
-                LOGGER.trace( pwmRequest, "completed makeOrgChartData of " + userIdentity.toDisplayString() + " from cache" );
+                LOGGER.trace( pwmRequest, () -> "completed makeOrgChartData of " + userIdentity.toDisplayString() + " from cache" );
                 return cachedOutput;
             }
             else
@@ -220,7 +220,11 @@ class PeopleSearchDataReader
 
         final TimeDuration totalTime = TimeDuration.fromCurrent( startTime );
         storeDataInCache( pwmRequest.getPwmApplication(), cacheKey, orgChartData );
-        LOGGER.trace( pwmRequest, "completed makeOrgChartData of " + userIdentity.toDisplayString() + " in " + totalTime.asCompactString() + " with " + childCount + " children" );
+        {
+            final int finalChildCount = childCount;
+            LOGGER.trace( pwmRequest, () -> "completed makeOrgChartData of " + userIdentity.toDisplayString()
+                    + " in " + totalTime.asCompactString() + " with " + finalChildCount + " children" );
+        }
         return orgChartData;
     }
 
@@ -269,7 +273,7 @@ class PeopleSearchDataReader
 
         userDetailBean.setLinks( makeUserDetailLinks( userIdentity ) );
 
-        LOGGER.trace( pwmRequest.getPwmSession(), "finished building userDetail result in " + TimeDuration.fromCurrent( startTime ).asCompactString() );
+        LOGGER.trace( pwmRequest, () -> "finished building userDetail result in " + TimeDuration.fromCurrent( startTime ).asCompactString() );
         storeDataInCache( pwmRequest.getPwmApplication(), cacheKey, userDetailBean );
         return userDetailBean;
     }
@@ -425,7 +429,7 @@ class PeopleSearchDataReader
             }
             else
             {
-                LOGGER.trace( pwmRequest, "discarding userDN " + userDN + " from attribute " + attributeName + " because maximum value count has been reached" );
+                LOGGER.trace( pwmRequest, () -> "discarding userDN " + userDN + " from attribute " + attributeName + " because maximum value count has been reached" );
             }
 
         }
@@ -472,7 +476,7 @@ class PeopleSearchDataReader
         final boolean enabled = peopleSearchConfiguration.isPhotosEnabled( pwmRequest.getUserInfoIfLoggedIn(), pwmRequest.getSessionLabel() );
         if ( !enabled )
         {
-            LOGGER.debug( pwmRequest, "detailed user data lookup for " + userIdentity.toString() + ", failed photo query filter, denying photo view" );
+            LOGGER.debug( pwmRequest, () -> "detailed user data lookup for " + userIdentity.toString() + ", failed photo query filter, denying photo view" );
             return null;
         }
 
@@ -491,7 +495,7 @@ class PeopleSearchDataReader
             }
             catch ( PwmOperationalException e )
             {
-                LOGGER.debug( pwmRequest, "determined " + userIdentity + " does not have photo data available while generating detail data" );
+                LOGGER.debug( pwmRequest, () -> "determined " + userIdentity + " does not have photo data available while generating detail data" );
                 return null;
             }
         }
@@ -662,7 +666,7 @@ class PeopleSearchDataReader
         }
         finally
         {
-            LOGGER.trace( pwmRequest, "completed checkIfUserViewable for " + userIdentity.toDisplayString() + " in " + TimeDuration.compactFromCurrent( startTime ) );
+            LOGGER.trace( pwmRequest, () -> "completed checkIfUserViewable for " + userIdentity.toDisplayString() + " in " + TimeDuration.compactFromCurrent( startTime ) );
         }
     }
 
@@ -878,7 +882,7 @@ class PeopleSearchDataReader
         }
 
         final TimeDuration searchDuration = TimeDuration.fromCurrent( startTime );
-        LOGGER.trace( pwmRequest.getPwmSession(), "finished rest peoplesearch search in "
+        LOGGER.trace( pwmRequest, () -> "finished rest peoplesearch search in "
                 + searchDuration.asCompactString() + " not using cache, size=" + results.getResults().size() );
 
 
@@ -914,7 +918,7 @@ class PeopleSearchDataReader
             }
             catch ( ChaiOperationException e )
             {
-                LOGGER.trace( pwmRequest, "error reading attribute for user '" + userIdentity.toDisplayString() + "', error: " + e.getMessage() );
+                LOGGER.trace( pwmRequest, () -> "error reading attribute for user '" + userIdentity.toDisplayString() + "', error: " + e.getMessage() );
                 return null;
             }
             catch ( ChaiUnavailableException e )
@@ -961,7 +965,7 @@ class PeopleSearchDataReader
     )
     {
         final Instant startTime = Instant.now();
-        LOGGER.trace( pwmRequest, "beginning csv export starting with user " + userIdentity.toDisplayString() + " and depth of " + depth );
+        LOGGER.trace( pwmRequest, () -> "beginning csv export starting with user " + userIdentity.toDisplayString() + " and depth of " + depth );
 
         final ThreadPoolExecutor executor = pwmRequest.getPwmApplication().getPeopleSearchService().getJobExecutor();
 
@@ -980,7 +984,7 @@ class PeopleSearchDataReader
         JavaHelper.pause( maxDuration.asMillis(), 1000, o -> ( executor.getQueue().size() + executor.getActiveCount() <= 0 ) );
 
         final TimeDuration timeDuration = TimeDuration.fromCurrent( startTime );
-        LOGGER.trace( pwmRequest, "completed csv export of " + rowCounter.get() + " records in " + timeDuration.asCompactString() );
+        LOGGER.trace( pwmRequest, () -> "completed csv export of " + rowCounter.get() + " records in " + timeDuration.asCompactString() );
     }
 
     @Value

server/src/main/java/password/pwm/http/servlet/peoplesearch/PeopleSearchServlet.java

@@ -133,7 +133,7 @@ public abstract class PeopleSearchServlet extends ControlledPwmServlet
         );
 
         final RestResultBean restResultBean = RestResultBean.withData( peopleSearchClientConfigBean );
-        LOGGER.trace( pwmRequest, "returning clientData: " + JsonUtil.serialize( restResultBean ) );
+        LOGGER.trace( pwmRequest, () -> "returning clientData: " + JsonUtil.serialize( restResultBean ) );
         pwmRequest.outputJsonResult( restResultBean );
         return ProcessStatus.Halt;
     }
@@ -154,7 +154,7 @@ public abstract class PeopleSearchServlet extends ControlledPwmServlet
         addExpiresHeadersToResponse( pwmRequest );
         pwmRequest.outputJsonResult( restResultBean );
 
-        LOGGER.trace( pwmRequest, "returning " + searchResultBean.getSearchResults().size() + " results for search request " + JsonUtil.serialize( searchRequest ) );
+        LOGGER.trace( pwmRequest, () -> "returning " + searchResultBean.getSearchResults().size() + " results for search request " + JsonUtil.serialize( searchRequest ) );
         return ProcessStatus.Halt;
     }
 
@@ -244,7 +244,7 @@ public abstract class PeopleSearchServlet extends ControlledPwmServlet
         final PeopleSearchDataReader peopleSearchDataReader = new PeopleSearchDataReader( pwmRequest );
         final UserIdentity userIdentity = readUserIdentityFromKey( pwmRequest, userKey );
 
-        LOGGER.debug( pwmRequest, "received user photo request to view user " + userIdentity.toString() );
+        LOGGER.debug( pwmRequest, () -> "received user photo request to view user " + userIdentity.toString() );
 
         final PhotoDataBean photoData;
         try

server/src/main/java/password/pwm/http/servlet/resource/ResourceServletConfiguration.java

@@ -101,7 +101,7 @@ class ResourceServletConfiguration
                         );
                         final ZipFile zipFile = new ZipFile( zipFileFile );
                         zipResources.put( ResourceFileServlet.RESOURCE_PATH + configuredZipFileResource.getUrl(), zipFile );
-                        LOGGER.debug( "registered resource-zip file " + configuredZipFileResource.getZipFile() + " at path " + zipFileFile.getAbsolutePath() );
+                        LOGGER.debug( () -> "registered resource-zip file " + configuredZipFileResource.getZipFile() + " at path " + zipFileFile.getAbsolutePath() );
                     }
                     catch ( IOException e )
                     {
@@ -121,7 +121,7 @@ class ResourceServletConfiguration
             final Map.Entry<FileValue.FileInformation, FileValue.FileContent> entry = files.entrySet().iterator().next();
             final FileValue.FileInformation fileInformation = entry.getKey();
             final FileValue.FileContent fileContent = entry.getValue();
-            LOGGER.debug( "examining configured zip file resource for items name=" + fileInformation.getFilename() + ", size=" + fileContent.size() );
+            LOGGER.debug( () -> "examining configured zip file resource for items name=" + fileInformation.getFilename() + ", size=" + fileContent.size() );
 
             try
             {

server/src/main/java/password/pwm/http/servlet/resource/ResourceServletService.java

@@ -235,7 +235,7 @@ public class ResourceServletService implements PwmService
 
         final byte[] checksumBytes = checksumStream.getInProgressChecksum();
         final String nonce = StringUtil.truncate( JavaHelper.byteArrayToHexString( checksumBytes ).toLowerCase(), nonceLength );
-        LOGGER.debug( "completed generation of nonce '" + nonce + "' in " + TimeDuration.fromCurrent( startTime ).asCompactString() );
+        LOGGER.debug( () -> "completed generation of nonce '" + nonce + "' in " + TimeDuration.fromCurrent( startTime ).asCompactString() );
 
         final String noncePrefix = pwmApplication.getConfig().readAppProperty( AppProperty.HTTP_RESOURCES_NONCE_PATH_PREFIX );
         return "/" + noncePrefix + nonce;
@@ -274,12 +274,12 @@ public class ResourceServletService implements PwmService
             final FileResource resolvedFile = ResourceFileServlet.resolveRequestedFile( servletContext, themePathUrl, getResourceServletConfiguration() );
             if ( resolvedFile != null && resolvedFile.exists() )
             {
-                LOGGER.debug( pwmRequest, "check for theme validity of '" + themeName + "' returned true" );
+                LOGGER.debug( pwmRequest, () -> "check for theme validity of '" + themeName + "' returned true" );
                 return true;
             }
         }
 
-        LOGGER.debug( pwmRequest, "check for theme validity of '" + themeName + "' returned false" );
+        LOGGER.debug( pwmRequest, () -> "check for theme validity of '" + themeName + "' returned false" );
         return false;
     }
 }

server/src/main/java/password/pwm/http/servlet/updateprofile/UpdateProfileServlet.java

@@ -183,7 +183,7 @@ public class UpdateProfileServlet extends ControlledPwmServlet
         }
         catch ( PwmUnrecoverableException e )
         {
-            LOGGER.debug( pwmRequest, "error while checking entered token: " );
+            LOGGER.debug( pwmRequest, () -> "error while checking entered token: " );
             errorInformation = e.getErrorInformation();
         }
 
@@ -194,7 +194,7 @@ public class UpdateProfileServlet extends ControlledPwmServlet
             return ProcessStatus.Halt;
         }
 
-        LOGGER.debug( pwmRequest, "marking token as passed " + JsonUtil.serialize( tokenDestinationItem ) );
+        LOGGER.debug( pwmRequest, () -> "marking token as passed " + JsonUtil.serialize( tokenDestinationItem ) );
         updateProfileBean.getCompletedTokenFields().add( updateProfileBean.getCurrentTokenField() );
         updateProfileBean.setTokenSent( false );
         updateProfileBean.setCurrentTokenField( null );
@@ -279,7 +279,7 @@ public class UpdateProfileServlet extends ControlledPwmServlet
     ProcessStatus handleAgreeRequest( final PwmRequest pwmRequest )
             throws ServletException, IOException, PwmUnrecoverableException, ChaiUnavailableException
     {
-        LOGGER.debug( pwmRequest, "user accepted agreement" );
+        LOGGER.debug( pwmRequest, () -> "user accepted agreement" );
 
         final UpdateProfileBean updateProfileBean = getBean( pwmRequest );
         if ( !updateProfileBean.isAgreementPassed() )

server/src/main/java/password/pwm/http/servlet/updateprofile/UpdateProfileUtil.java

@@ -167,7 +167,7 @@ public class UpdateProfileUtil
 
         if ( configuredEmailSetting == null )
         {
-            LOGGER.debug( sessionLabel, "skipping send profile update email for '" + userInfo.getUserIdentity().toDisplayString() + "' no email configured" );
+            LOGGER.debug( sessionLabel, () -> "skipping send profile update email for '" + userInfo.getUserIdentity().toDisplayString() + "' no email configured" );
         }
     }
 
@@ -375,7 +375,7 @@ public class UpdateProfileUtil
             final List<ActionConfiguration> actions = updateProfileProfile.readSettingAsAction( PwmSetting.UPDATE_PROFILE_WRITE_ATTRIBUTES );
             if ( actions != null && !actions.isEmpty() )
             {
-                LOGGER.debug( sessionLabel, "executing configured actions to user " + userIdentity );
+                LOGGER.debug( sessionLabel, () -> "executing configured actions to user " + userIdentity );
 
 
                 final ActionExecutor actionExecutor = new ActionExecutor.ActionExecutorSettings( pwmApplication, userIdentity )

server/src/main/java/password/pwm/http/state/CryptoCookieBeanImpl.java

@@ -71,7 +71,7 @@ class CryptoCookieBeanImpl implements SessionBeanProvider
         }
         catch ( PwmException e )
         {
-            LOGGER.debug( pwmRequest, "ignoring existing existing " + cookieName + " cookie bean due to error: " + e.getMessage() );
+            LOGGER.debug( pwmRequest, () -> "ignoring existing existing " + cookieName + " cookie bean due to error: " + e.getMessage() );
         }
 
         final E newBean = SessionStateService.newBean( sessionGuid, theClass );
@@ -90,14 +90,14 @@ class CryptoCookieBeanImpl implements SessionBeanProvider
         {
             if ( cookieBean.getGuid() == null )
             {
-                LOGGER.trace( pwmRequest, "disregarded existing " + cookieName + " cookie bean due to missing guid" );
+                LOGGER.trace( pwmRequest, () -> "disregarded existing " + cookieName + " cookie bean due to missing guid" );
                 return false;
             }
 
             final String sessionGuid = pwmRequest.getPwmSession().getLoginInfoBean().getGuid();
             if ( !cookieBean.getGuid().equals( sessionGuid ) )
             {
-                LOGGER.trace( pwmRequest, "disregarded existing " + cookieName + " cookie bean due to session change" );
+                LOGGER.trace( pwmRequest, () -> "disregarded existing " + cookieName + " cookie bean due to session change" );
                 return false;
             }
         }
@@ -106,7 +106,7 @@ class CryptoCookieBeanImpl implements SessionBeanProvider
         {
             if ( cookieBean.getTimestamp() == null )
             {
-                LOGGER.trace( pwmRequest, "disregarded existing " + cookieName + " cookie bean due to missing timestamp" );
+                LOGGER.trace( pwmRequest, () -> "disregarded existing " + cookieName + " cookie bean due to missing timestamp" );
                 return false;
             }
 
@@ -114,7 +114,7 @@ class CryptoCookieBeanImpl implements SessionBeanProvider
             final long maxIdleSeconds = pwmRequest.getConfig().readSettingAsLong( PwmSetting.IDLE_TIMEOUT_SECONDS );
             if ( cookieLifeDuration.isLongerThan( maxIdleSeconds, TimeDuration.Unit.SECONDS ) )
             {
-                LOGGER.trace( pwmRequest, "disregarded existing " + cookieName + " cookie bean due to outdated timestamp (" + cookieLifeDuration.asCompactString() + ")" );
+                LOGGER.trace( pwmRequest, () -> "disregarded existing " + cookieName + " cookie bean due to outdated timestamp (" + cookieLifeDuration.asCompactString() + ")" );
                 return false;
             }
         }

server/src/main/java/password/pwm/http/state/CryptoCookieLoginImpl.java

@@ -42,6 +42,7 @@ import password.pwm.svc.stats.Statistic;
 import password.pwm.svc.stats.StatisticsManager;
 import password.pwm.util.java.JsonUtil;
 import password.pwm.util.java.TimeDuration;
+import password.pwm.util.logging.PwmLogLevel;
 import password.pwm.util.logging.PwmLogger;
 
 import java.time.Instant;
@@ -79,7 +80,11 @@ class CryptoCookieLoginImpl implements SessionLoginProvider
                     COOKIE_PATH
             );
 
-            LOGGER.trace( pwmRequest, "wrote LoginInfoBean=" + loginInfoBean.toDebugString() );
+            if ( LOGGER.isEnabled( PwmLogLevel.TRACE ) )
+            {
+                final String debugTxt = loginInfoBean.toDebugString();
+                LOGGER.trace( pwmRequest, () -> "wrote LoginInfoBean=" + debugTxt );
+            }
         }
         catch ( PwmUnrecoverableException e )
         {
@@ -101,7 +106,7 @@ class CryptoCookieLoginImpl implements SessionLoginProvider
         {
             final String errorMsg = "unexpected error reading login cookie, will clear and ignore; error: " + e.getMessage();
             final ErrorInformation errorInformation = new ErrorInformation( PwmError.ERROR_CRYPT_ERROR, errorMsg );
-            LOGGER.trace( pwmRequest, errorInformation.toDebugStr() );
+            LOGGER.trace( pwmRequest, () -> errorInformation.toDebugStr() );
             clearLoginSession( pwmRequest );
             return;
         }
@@ -116,7 +121,7 @@ class CryptoCookieLoginImpl implements SessionLoginProvider
                 }
                 catch ( PwmOperationalException e )
                 {
-                    LOGGER.debug( pwmRequest, e.getErrorInformation().toDebugStr() );
+                    LOGGER.debug( pwmRequest, () -> e.getErrorInformation().toDebugStr() );
                     clearLoginSession( pwmRequest );
                     return;
                 }
@@ -165,7 +170,7 @@ class CryptoCookieLoginImpl implements SessionLoginProvider
             }
             else
             {
-                LOGGER.debug( pwmRequest, "triggering authentication because request contains an authenticated session but local session is unauthenticated" );
+                LOGGER.debug( pwmRequest, () -> "triggering authentication because request contains an authenticated session but local session is unauthenticated" );
                 final SessionAuthenticator sessionAuthenticator = new SessionAuthenticator(
                         pwmRequest.getPwmApplication(),
                         pwmRequest.getPwmSession(),
@@ -189,7 +194,7 @@ class CryptoCookieLoginImpl implements SessionLoginProvider
                         );
                     }
                     remoteLoginCookie.getAuthFlags().add( AuthenticationType.AUTH_FROM_REQ_COOKIE );
-                    LOGGER.debug( pwmRequest, "logged in using encrypted request cookie = " + JsonUtil.serialize( remoteLoginCookie ) );
+                    LOGGER.debug( pwmRequest, () -> "logged in using encrypted request cookie = " + JsonUtil.serialize( remoteLoginCookie ) );
                 }
                 catch ( Exception e )
                 {
@@ -201,9 +206,10 @@ class CryptoCookieLoginImpl implements SessionLoginProvider
             }
         }
 
-        if ( pwmRequest.getConfig().isDevDebugMode() )
+        if ( pwmRequest.getConfig().isDevDebugMode() && LOGGER.isEnabled( PwmLogLevel.TRACE ) )
         {
-            LOGGER.trace( pwmRequest, "imported LoginInfoBean=" + remoteLoginCookie.toDebugString() );
+            final String debugTxt = remoteLoginCookie.toDebugString();
+            LOGGER.trace( pwmRequest, () -> "imported LoginInfoBean=" + debugTxt );
         }
         pwmRequest.getPwmSession().setLoginInfoBean( remoteLoginCookie );
     }
@@ -268,7 +274,7 @@ class CryptoCookieLoginImpl implements SessionLoginProvider
             final String logMsg = "login cookie session was generated by a foreign instance, seen login cookie value = "
                     + remoteLoginInfoBean.toDebugString();
             StatisticsManager.incrementStat( pwmRequest.getPwmApplication(), Statistic.FOREIGN_SESSIONS_ACCEPTED );
-            LOGGER.trace( pwmRequest, logMsg );
+            LOGGER.trace( pwmRequest, () -> logMsg );
         }
     }
 }

server/src/main/java/password/pwm/http/tag/DisplayTag.java

@@ -141,13 +141,13 @@ public class DisplayTag extends PwmAbstractTag
         catch ( PwmUnrecoverableException e )
         {
             {
-                LOGGER.debug( "error while executing jsp display tag: " + e.getMessage() );
+                LOGGER.debug( () -> "error while executing jsp display tag: " + e.getMessage() );
                 return EVAL_PAGE;
             }
         }
         catch ( Exception e )
         {
-            LOGGER.debug( "error while executing jsp display tag: " + e.getMessage(), e );
+            LOGGER.debug( () -> "error while executing jsp display tag: " + e.getMessage(), e );
             throw new JspTagException( e.getMessage(), e );
         }
         return EVAL_PAGE;

server/src/main/java/password/pwm/ldap/LdapBrowser.java

@@ -232,7 +232,7 @@ public class LdapBrowser
                     }
                     catch ( Exception e )
                     {
-                        LOGGER.debug( "error during subordinate entry count of " + dn + ", error: " + e.getMessage() );
+                        LOGGER.debug( () -> "error during subordinate entry count of " + dn + ", error: " + e.getMessage() );
                     }
                 }
                 returnMap.put( resultDN, hasSubs );

server/src/main/java/password/pwm/ldap/LdapOperationsHelper.java

@@ -172,7 +172,7 @@ public class LdapOperationsHelper
     )
             throws PwmUnrecoverableException
     {
-        LOGGER.trace( sessionLabel, "opening new ldap proxy connection" );
+        LOGGER.trace( sessionLabel, () -> "opening new ldap proxy connection" );
 
         final String proxyDN = ldapProfile.readSettingAsString( PwmSetting.LDAP_PROXY_USER_DN );
         final PasswordData proxyPW = ldapProfile.readSettingAsPassword( PwmSetting.LDAP_PROXY_USER_PASSWORD );
@@ -424,7 +424,7 @@ public class LdapOperationsHelper
                     }
                     else
                     {
-                        LOGGER.debug( "skipping attribute modify for attribute '" + attrName + "', no change in value" );
+                        LOGGER.debug( () -> "skipping attribute modify for attribute '" + attrName + "', no change in value" );
                     }
                 }
             }
@@ -457,11 +457,11 @@ public class LdapOperationsHelper
                     final String guidValue = theUser.readGUID();
                     if ( guidValue != null && guidValue.length() > 1 )
                     {
-                        LOGGER.trace( sessionLabel, "read VENDORGUID value for user " + theUser + ": " + guidValue );
+                        LOGGER.trace( sessionLabel, () -> "read VENDORGUID value for user " + theUser + ": " + guidValue );
                     }
                     else
                     {
-                        LOGGER.trace( sessionLabel, "unable to find a VENDORGUID value for user " + theUser.getEntryDN() );
+                        LOGGER.trace( sessionLabel, () -> "unable to find a VENDORGUID value for user " + theUser.getEntryDN() );
                     }
                     return guidValue;
                 }
@@ -624,7 +624,7 @@ public class LdapOperationsHelper
     {
         final List<String> ldapURLs = ldapProfile.readSettingAsStringArray( PwmSetting.LDAP_SERVER_URLS );
         final ChaiConfiguration chaiConfig = createChaiConfiguration( config, ldapProfile, ldapURLs, userDN, userPassword );
-        LOGGER.trace( sessionLabel, "creating new ldap connection using config: " + chaiConfig.toString() );
+        LOGGER.trace( sessionLabel, () -> "creating new ldap connection using config: " + chaiConfig.toString() );
         return chaiProviderFactory.newProvider( chaiConfig );
     }
 
@@ -640,7 +640,7 @@ public class LdapOperationsHelper
             throws ChaiUnavailableException, PwmUnrecoverableException
     {
         final ChaiConfiguration chaiConfig = createChaiConfiguration( config, ldapProfile, ldapURLs, userDN, userPassword );
-        LOGGER.trace( sessionLabel, "creating new ldap connection using config: " + chaiConfig.toString() );
+        LOGGER.trace( sessionLabel, () -> "creating new ldap connection using config: " + chaiConfig.toString() );
         return pwmApplication.getLdapConnectionService().getChaiProviderFactory().newProvider( chaiConfig );
     }
 
@@ -812,12 +812,12 @@ public class LdapOperationsHelper
             try
             {
                 theUser.writeDateAttribute( updateAttribute, Instant.now() );
-                LOGGER.debug( sessionLabel, "wrote pwdLastModified update attribute for " + theUser.getEntryDN() );
+                LOGGER.debug( sessionLabel, () -> "wrote pwdLastModified update attribute for " + theUser.getEntryDN() );
                 success = true;
             }
             catch ( ChaiOperationException e )
             {
-                LOGGER.debug( sessionLabel, "error writing update attribute for user '" + theUser.getEntryDN() + "' " + e.getMessage() );
+                LOGGER.debug( sessionLabel, () -> "error writing update attribute for user '" + theUser.getEntryDN() + "' " + e.getMessage() );
             }
         }
 
@@ -911,7 +911,7 @@ public class LdapOperationsHelper
             searchConfiguration = builder.build();
         }
 
-        LOGGER.debug( sessionLabel, "beginning user search using parameters: " + ( JsonUtil.serialize( searchConfiguration ) ) );
+        LOGGER.debug( sessionLabel, () -> "beginning user search using parameters: " + ( JsonUtil.serialize( searchConfiguration ) ) );
 
         final Map<UserIdentity, Map<String, String>> searchResults = userSearchEngine.performMultiUserSearch(
                 searchConfiguration,
@@ -920,7 +920,7 @@ public class LdapOperationsHelper
                 sessionLabel
 
         );
-        LOGGER.debug( sessionLabel, "user search found " + searchResults.size() + " users" );
+        LOGGER.debug( sessionLabel, () -> "user search found " + searchResults.size() + " users" );
 
         final Queue<UserIdentity> tempQueue = new LinkedList<>( searchResults.keySet() );
 
@@ -985,12 +985,12 @@ public class LdapOperationsHelper
                 if ( readPassword != null && readPassword.length() > 0 )
                 {
                     currentPass = readPassword;
-                    LOGGER.debug( sessionLabel, "successfully retrieved user's current password from ldap, now conducting standard authentication" );
+                    LOGGER.debug( sessionLabel, () -> "successfully retrieved user's current password from ldap, now conducting standard authentication" );
                 }
             }
             catch ( Exception e )
             {
-                LOGGER.debug( sessionLabel, "unable to retrieve user password from ldap: " + e.getMessage() );
+                LOGGER.debug( sessionLabel, () -> "unable to retrieve user password from ldap: " + e.getMessage() );
             }
 
             // actually do the authentication since we have user pw.
@@ -1001,7 +1001,7 @@ public class LdapOperationsHelper
         }
         else
         {
-            LOGGER.trace( sessionLabel, "skipping attempt to read user password, option disabled" );
+            LOGGER.trace( sessionLabel, () -> "skipping attempt to read user password, option disabled" );
         }
         return null;
     }
@@ -1098,7 +1098,7 @@ public class LdapOperationsHelper
             {
                 final ChaiUser user = pwmApplication.getProxiedChaiUser( userIdentity );
                 user.writeStringAttribute( languageAttr, languageCodeValue );
-                LOGGER.debug( sessionLabel, "wrote current browser session language value '" + languageCodeValue + "' to user attribute " + languageAttr );
+                LOGGER.debug( sessionLabel, () -> "wrote current browser session language value '" + languageCodeValue + "' to user attribute " + languageAttr );
             }
             catch ( ChaiException e )
             {

server/src/main/java/password/pwm/ldap/LdapPermissionTester.java

@@ -143,12 +143,12 @@ public class LdapPermissionTester
             return false;
         }
 
-        LOGGER.trace( pwmSession, "begin check for ldapGroup match for " + userIdentity + " using queryMatch: " + groupDN );
+        LOGGER.trace( pwmSession, () -> "begin check for ldapGroup match for " + userIdentity + " using queryMatch: " + groupDN );
 
         boolean result = false;
         if ( groupDN == null || groupDN.length() < 1 )
         {
-            LOGGER.trace( pwmSession, "missing groupDN value, skipping check" );
+            LOGGER.trace( pwmSession, () -> "missing groupDN value, skipping check" );
         }
         else
         {
@@ -156,7 +156,7 @@ public class LdapPermissionTester
             final String filterString = "(" + ldapProfile.readSettingAsString( PwmSetting.LDAP_USER_GROUP_ATTRIBUTE ) + "=" + groupDN + ")";
             try
             {
-                LOGGER.trace( pwmSession, "checking ldap to see if " + userIdentity + " matches group '" + groupDN + "' using filter '" + filterString + "'" );
+                LOGGER.trace( pwmSession, () -> "checking ldap to see if " + userIdentity + " matches group '" + groupDN + "' using filter '" + filterString + "'" );
                 final ChaiUser theUser = pwmApplication.getProxiedChaiUser( userIdentity );
                 final Map<String, Map<String, String>> results = theUser.getChaiProvider().search(
                         theUser.getEntryDN(),
@@ -174,12 +174,13 @@ public class LdapPermissionTester
             }
         }
 
-        final String logMsg = "user " + userIdentity.toDisplayString() + " is "
-                + ( result ? "" : "not " )
-                + "a match for group '" + groupDN + "'"
-                + " (" + TimeDuration.fromCurrent( startTime ).asCompactString() + ")";
-
-        LOGGER.debug( pwmSession, logMsg );
+        {
+            final boolean finalResult = result;
+            LOGGER.debug( pwmSession, () -> "user " + userIdentity.toDisplayString() + " is "
+                    + ( finalResult ? "" : "not " )
+                    + "a match for group '" + groupDN + "'"
+                    + " (" + TimeDuration.compactFromCurrent( startTime ) + ")" );
+        }
 
         return result;
     }
@@ -199,23 +200,23 @@ public class LdapPermissionTester
             return false;
         }
 
-        LOGGER.trace( pwmSession, "begin check for ldapQuery match for " + userIdentity + " using queryMatch: " + filterString );
+        LOGGER.trace( pwmSession, () -> "begin check for ldapQuery match for " + userIdentity + " using queryMatch: " + filterString );
 
         boolean result = false;
         if ( filterString == null || filterString.length() < 1 )
         {
-            LOGGER.trace( pwmSession, "missing queryMatch value, skipping check" );
+            LOGGER.trace( pwmSession, () -> "missing queryMatch value, skipping check" );
         }
         else if ( "(objectClass=*)".equalsIgnoreCase( filterString ) || "objectClass=*".equalsIgnoreCase( filterString ) )
         {
-            LOGGER.trace( pwmSession, "queryMatch check is guaranteed to be true, skipping ldap query" );
+            LOGGER.trace( pwmSession, () -> "queryMatch check is guaranteed to be true, skipping ldap query" );
             result = true;
         }
         else
         {
             try
             {
-                LOGGER.trace( pwmSession, "checking ldap to see if " + userIdentity + " matches '" + filterString + "'" );
+                LOGGER.trace( pwmSession, () -> "checking ldap to see if " + userIdentity + " matches '" + filterString + "'" );
                 final ChaiUser theUser = pwmApplication.getProxiedChaiUser( userIdentity );
                 final Map<String, Map<String, String>> results = theUser.getChaiProvider().search( theUser.getEntryDN(), filterString, Collections.emptySet(), SearchScope.BASE );
                 if ( results.size() == 1 && results.keySet().contains( theUser.getEntryDN() ) )
@@ -229,12 +230,13 @@ public class LdapPermissionTester
             }
         }
 
-        final String logMsg = "user " + userIdentity.toDisplayString() + " is "
-                + ( result ? "" : "not " )
-                + "a match for filter '" + filterString + "'"
-                + " (" + TimeDuration.fromCurrent( startTime ).asCompactString() + ")";
-
-        LOGGER.debug( pwmSession, logMsg );
+        {
+            final boolean finalResult = result;
+            LOGGER.debug( pwmSession, () -> "user " + userIdentity.toDisplayString() + " is "
+                    + ( finalResult ? "" : "not " )
+                    + "a match for filter '" + filterString + "'"
+                    + " (" + TimeDuration.fromCurrent( startTime ).asCompactString() + ")" );
+        }
 
         return result;
     }

server/src/main/java/password/pwm/ldap/PasswordChangeProgressChecker.java

@@ -268,7 +268,7 @@ public class PasswordChangeProgressChecker
         final Instant estimatedCompletion;
         {
             final BigDecimal pctComplete = figureAverageProgress( progressRecords );
-            LOGGER.trace( pwmSession, "percent complete: " + pctComplete );
+            LOGGER.trace( pwmSession, () -> "percent complete: " + pctComplete );
             final ProgressInfo progressInfo = new ProgressInfo( tracker.beginTime, 100, pctComplete.longValue() );
             final Instant actualEstimate = progressInfo.estimatedCompletion();
 
@@ -325,7 +325,7 @@ public class PasswordChangeProgressChecker
 
         if ( passwordSyncCheckMode == PasswordSyncCheckMode.DISABLED )
         {
-            LOGGER.trace( pwmSession, "skipping replica sync check, disabled" );
+            LOGGER.trace( pwmSession, () -> "skipping replica sync check, disabled" );
             return tracker.itemCompletions.get( PROGRESS_KEY_REPLICATION );
         }
 
@@ -333,7 +333,7 @@ public class PasswordChangeProgressChecker
         {
             if ( tracker.itemCompletions.get( PROGRESS_KEY_REPLICATION ).complete )
             {
-                LOGGER.trace( pwmSession, "skipping replica sync check, replica sync completed previously" );
+                LOGGER.trace( pwmSession, () -> "skipping replica sync check, replica sync completed previously" );
                 return tracker.itemCompletions.get( PROGRESS_KEY_REPLICATION );
             }
         }
@@ -342,18 +342,18 @@ public class PasswordChangeProgressChecker
         {
             if ( TimeDuration.fromCurrent( tracker.beginTime ).isShorterThan( initialReplicaDelay ) )
             {
-                LOGGER.trace( pwmSession, "skipping replica sync check, initDelay has not yet passed" );
+                LOGGER.trace( pwmSession, () -> "skipping replica sync check, initDelay has not yet passed" );
                 return null;
             }
         }
         else if ( TimeDuration.fromCurrent( tracker.lastReplicaCheckTime ).isShorterThan( cycleReplicaDelay ) )
         {
-            LOGGER.trace( pwmSession, "skipping replica sync check, cycleDelay has not yet passed" );
+            LOGGER.trace( pwmSession, () -> "skipping replica sync check, cycleDelay has not yet passed" );
             return null;
         }
 
         tracker.lastReplicaCheckTime = Instant.now();
-        LOGGER.trace( pwmSession, "beginning password replication time check for " + userIdentity.toDelimitedKey() );
+        LOGGER.trace( pwmSession, () -> "beginning password replication time check for " + userIdentity.toDelimitedKey() );
 
         try
         {

server/src/main/java/password/pwm/ldap/UserInfoReader.java

@@ -220,7 +220,7 @@ public class UserInfoReader implements UserInfo
         final PwmPasswordPolicy passwordPolicy = selfCachedReference.getPasswordPolicy();
 
         final long startTime = System.currentTimeMillis();
-        LOGGER.trace( sessionLabel, "beginning password status check process for " + userDN );
+        LOGGER.trace( sessionLabel, () -> "beginning password status check process for " + userDN );
 
         // check if password meets existing policy.
         if ( passwordPolicy.getRuleHelper().readBooleanValue( PwmPasswordRule.EnforceAtLogin ) )
@@ -234,7 +234,8 @@ public class UserInfoReader implements UserInfo
                 }
                 catch ( PwmDataValidationException | PwmUnrecoverableException e )
                 {
-                    LOGGER.debug( sessionLabel, "user " + userDN + " password does not conform to current password policy (" + e.getMessage() + "), marking as requiring change." );
+                    LOGGER.debug( sessionLabel, () -> "user " + userDN + " password does not conform to current password policy ("
+                            + e.getMessage() + "), marking as requiring change." );
                     passwordStatusBuilder.violatesPolicy( true );
                 }
                 catch ( ChaiUnavailableException e )
@@ -251,11 +252,11 @@ public class UserInfoReader implements UserInfo
 
             if ( ldapPasswordExpired )
             {
-                LOGGER.trace( sessionLabel, "password for " + userDN + " appears to be expired" );
+                LOGGER.trace( sessionLabel, () -> "password for " + userDN + " appears to be expired" );
             }
             else
             {
-                LOGGER.trace( sessionLabel, "password for " + userDN + " does not appear to be expired" );
+                LOGGER.trace( sessionLabel, () -> "password for " + userDN + " does not appear to be expired" );
             }
         }
         catch ( ChaiOperationException e )
@@ -273,7 +274,7 @@ public class UserInfoReader implements UserInfo
         if ( ldapPasswordExpirationTime != null )
         {
             final TimeDuration expirationInterval = TimeDuration.fromCurrent( ldapPasswordExpirationTime );
-            LOGGER.trace( sessionLabel, "read password expiration time: "
+            LOGGER.trace( sessionLabel, () -> "read password expiration time: "
                     + JavaHelper.toIsoDate( ldapPasswordExpirationTime )
                     + ", " + expirationInterval.asCompactString() + " from now"
             );
@@ -283,7 +284,7 @@ public class UserInfoReader implements UserInfo
             final long preExpireMs = config.readSettingAsLong( PwmSetting.PASSWORD_EXPIRE_PRE_TIME ) * 1000;
             if ( diff.asMillis() > 0 && diff.asMillis() < preExpireMs )
             {
-                LOGGER.debug( sessionLabel, "user " + userDN + " password will expire within "
+                LOGGER.debug( sessionLabel, () -> "user " + userDN + " password will expire within "
                         + diff.asCompactString()
                         + ", marking as pre-expired" );
                 preExpired = true;
@@ -291,7 +292,7 @@ public class UserInfoReader implements UserInfo
             else if ( ldapPasswordExpired )
             {
                 preExpired = true;
-                LOGGER.debug( sessionLabel, "user " + userDN + " password is expired, marking as pre-expired." );
+                LOGGER.debug( sessionLabel, () -> "user " + userDN + " password is expired, marking as pre-expired." );
             }
 
             // now check to see if the user's expire time is within the 'preWarnTime' setting.
@@ -304,7 +305,7 @@ public class UserInfoReader implements UserInfo
                     if ( diff.asMillis() > 0 && diff.asMillis() < preWarnMs )
                     {
                         LOGGER.debug( sessionLabel,
-                                "user " + userDN + " password will expire within "
+                                () -> "user " + userDN + " password will expire within "
                                         + diff.asCompactString()
                                         + ", marking as within warn period" );
                         passwordStatusBuilder.warnPeriod( true );
@@ -315,7 +316,7 @@ public class UserInfoReader implements UserInfo
             passwordStatusBuilder.preExpired( preExpired );
         }
 
-        LOGGER.debug( sessionLabel, "completed user password status check for " + userDN + " " + passwordStatusBuilder
+        LOGGER.debug( sessionLabel, () -> "completed user password status check for " + userDN + " " + passwordStatusBuilder
                 + " (" + TimeDuration.fromCurrent( startTime ).asCompactString() + ")" );
         passwordStatusBuilder.expired( ldapPasswordExpired );
         return passwordStatusBuilder.build();
@@ -330,31 +331,31 @@ public class UserInfoReader implements UserInfo
         if ( !LdapPermissionTester.testUserPermissions( pwmApplication, sessionLabel, userIdentity, updateProfilePermission ) )
         {
             LOGGER.debug( sessionLabel,
-                    "checkPassword: " + userIdentity.toString() + " user does not have permission to change password" );
+                    () -> "checkPassword: " + userIdentity.toString() + " user does not have permission to change password" );
             return false;
         }
 
         if ( passwordStatus.isExpired() )
         {
-            LOGGER.debug( sessionLabel, "checkPassword: password is expired, marking new password as required" );
+            LOGGER.debug( sessionLabel, () -> "checkPassword: password is expired, marking new password as required" );
             return true;
         }
 
         if ( passwordStatus.isPreExpired() )
         {
-            LOGGER.debug( sessionLabel, "checkPassword: password is pre-expired, marking new password as required" );
+            LOGGER.debug( sessionLabel, () -> "checkPassword: password is pre-expired, marking new password as required" );
             return true;
         }
 
         if ( passwordStatus.isWarnPeriod() )
         {
-            LOGGER.debug( sessionLabel, "checkPassword: password is within warn period, marking new password as required" );
+            LOGGER.debug( sessionLabel, () -> "checkPassword: password is within warn period, marking new password as required" );
             return true;
         }
 
         if ( passwordStatus.isViolatesPolicy() )
         {
-            LOGGER.debug( sessionLabel, "checkPassword: current password violates password policy, marking new password as required" );
+            LOGGER.debug( sessionLabel, () -> "checkPassword: current password violates password policy, marking new password as required" );
             return true;
         }
 
@@ -422,7 +423,7 @@ public class UserInfoReader implements UserInfo
     @Override
     public boolean isRequiresOtpConfig( ) throws PwmUnrecoverableException
     {
-        LOGGER.trace( sessionLabel, "checkOtp: beginning process to check if user OTP setup is required" );
+        LOGGER.trace( sessionLabel, () ->  "checkOtp: beginning process to check if user OTP setup is required" );
 
         SetupOtpProfile setupOtpProfile = null;
         final Map<ProfileType, String> profileIDs = selfCachedReference.getProfileIDs();
@@ -433,13 +434,13 @@ public class UserInfoReader implements UserInfo
 
         if ( setupOtpProfile == null )
         {
-            LOGGER.trace( sessionLabel, "checkOtp: no otp setup profile assigned, user OTP setup is not required" );
+            LOGGER.trace( sessionLabel, () -> "checkOtp: no otp setup profile assigned, user OTP setup is not required" );
             return false;
         }
 
         if ( !setupOtpProfile.readSettingAsBoolean( PwmSetting.OTP_ALLOW_SETUP ) )
         {
-            LOGGER.trace( sessionLabel, "checkOtp: OTP allow setup is not enabled" );
+            LOGGER.trace( sessionLabel, () -> "checkOtp: OTP allow setup is not enabled" );
             return false;
         }
 
@@ -447,7 +448,7 @@ public class UserInfoReader implements UserInfo
 
         if ( policy == ForceSetupPolicy.SKIP )
         {
-            LOGGER.trace( sessionLabel, "checkOtp: OTP force setup policy is set to SKIP, user OTP setup is not required" );
+            LOGGER.trace( sessionLabel, () -> "checkOtp: OTP force setup policy is set to SKIP, user OTP setup is not required" );
             return false;
         }
 
@@ -456,12 +457,12 @@ public class UserInfoReader implements UserInfo
 
         if ( hasStoredOtp )
         {
-            LOGGER.trace( sessionLabel, "checkOtp: user has existing valid otp record, user OTP setup is not required" );
+            LOGGER.trace( sessionLabel, () -> "checkOtp: user has existing valid otp record, user OTP setup is not required" );
             return false;
         }
 
         // hasStoredOtp is always true at this point, so if forced then update needed
-        LOGGER.debug( sessionLabel, "checkOtp: user does not have existing valid otp record, user OTP setup is required" );
+        LOGGER.debug( sessionLabel, () -> "checkOtp: user does not have existing valid otp record, user OTP setup is required" );
         return policy == ForceSetupPolicy.FORCE || policy == ForceSetupPolicy.FORCE_ALLOW_SKIP;
     }
 
@@ -472,7 +473,7 @@ public class UserInfoReader implements UserInfo
 
         if ( !pwmApplication.getConfig().readSettingAsBoolean( PwmSetting.UPDATE_PROFILE_ENABLE ) )
         {
-            LOGGER.debug( sessionLabel, "checkProfiles: " + userIdentity.toString() + " profile module is not enabled" );
+            LOGGER.debug( sessionLabel, () -> "checkProfiles: " + userIdentity.toString() + " profile module is not enabled" );
             return false;
         }
 
@@ -490,7 +491,7 @@ public class UserInfoReader implements UserInfo
 
         if ( !updateProfileProfile.readSettingAsBoolean( PwmSetting.UPDATE_PROFILE_FORCE_SETUP ) )
         {
-            LOGGER.debug( sessionLabel, "checkProfiles: " + userIdentity.toString() + " profile force setup is not enabled" );
+            LOGGER.debug( sessionLabel, () -> "checkProfiles: " + userIdentity.toString() + " profile force setup is not enabled" );
             return false;
         }
 
@@ -508,12 +509,12 @@ public class UserInfoReader implements UserInfo
             );
             final Map<FormConfiguration, String> singleValueMap = FormUtility.multiValueMapToSingleValue( valueMap );
             FormUtility.validateFormValues( configuration, singleValueMap, locale );
-            LOGGER.debug( sessionLabel, "checkProfile: " + userIdentity + " has value for attributes, update profile will not be required" );
+            LOGGER.debug( sessionLabel, () -> "checkProfile: " + userIdentity + " has value for attributes, update profile will not be required" );
             return false;
         }
         catch ( PwmDataValidationException e )
         {
-            LOGGER.debug( sessionLabel, "checkProfile: " + userIdentity + " does not have good attributes (" + e.getMessage() + "), update profile will be required" );
+            LOGGER.debug( sessionLabel, () -> "checkProfile: " + userIdentity + " does not have good attributes (" + e.getMessage() + "), update profile will be required" );
             return true;
         }
         catch ( PwmUnrecoverableException e )
@@ -660,11 +661,11 @@ public class UserInfoReader implements UserInfo
                 returnMap.put( profileType, profileID );
                 if ( profileID != null )
                 {
-                    LOGGER.debug( sessionLabel, "assigned " + profileType.toString() + " profileID \"" + profileID + "\" to " + userIdentity.toDisplayString() );
+                    LOGGER.debug( sessionLabel, () -> "assigned " + profileType.toString() + " profileID \"" + profileID + "\" to " + userIdentity.toDisplayString() );
                 }
                 else
                 {
-                    LOGGER.debug( sessionLabel, profileType.toString() + " has no matching profiles for user " + userIdentity.toDisplayString() );
+                    LOGGER.debug( sessionLabel, () -> profileType.toString() + " has no matching profiles for user " + userIdentity.toDisplayString() );
                 }
             }
         }

server/src/main/java/password/pwm/ldap/auth/SessionAuthenticator.java

@@ -114,13 +114,13 @@ public class SessionAuthenticator
             {
                 if ( pwmApplication.determineIfDetailErrorMsgShown() )
                 {
-                    LOGGER.debug( pwmSession, "allowing error " + e.getError() + " to be returned though it is configured as a hidden type; "
+                    LOGGER.debug( pwmSession, () -> "allowing error " + e.getError() + " to be returned though it is configured as a hidden type; "
                             + "app is currently permitting detailed error messages" );
                 }
                 else
                 {
                     final ErrorInformation errorInformation = new ErrorInformation( PwmError.ERROR_WRONGPASSWORD );
-                    LOGGER.debug( pwmSession, "converting error from ldap " + e.getError() + " to " + PwmError.ERROR_WRONGPASSWORD
+                    LOGGER.debug( pwmSession, () -> "converting error from ldap " + e.getError() + " to " + PwmError.ERROR_WRONGPASSWORD
                             + " due to app property " + AppProperty.SECURITY_LOGIN_HIDDEN_ERROR_TYPES.getKey() );
                     throw new PwmOperationalException( errorInformation );
                 }
@@ -258,7 +258,7 @@ public class SessionAuthenticator
         }
         else
         {
-            LOGGER.trace( sessionLabel, "performing bad-password login attempt against ldap directory as a result of "
+            LOGGER.trace( sessionLabel, () -> "performing bad-password login attempt against ldap directory as a result of "
                     + "forgotten password recovery invalid attempt against " + userIdentity );
         }
 
@@ -268,12 +268,12 @@ public class SessionAuthenticator
             return;
         }
 
-        LOGGER.trace( sessionLabel, "beginning simulateBadPassword process" );
+        LOGGER.trace( sessionLabel, () -> "beginning simulateBadPassword process" );
 
         final PasswordData bogusPassword = new PasswordData( PwmConstants.DEFAULT_BAD_PASSWORD_ATTEMPT );
 
         //try authenticating the user using a normal ldap BIND operation.
-        LOGGER.trace( sessionLabel, "attempting authentication using ldap BIND" );
+        LOGGER.trace( sessionLabel, () -> "attempting authentication using ldap BIND" );
 
         ChaiProvider provider = null;
         try
@@ -292,17 +292,17 @@ public class SessionAuthenticator
             //issue a read operation to trigger a bind.
             provider.readStringAttribute( userIdentity.getUserDN(), ChaiConstant.ATTR_LDAP_OBJECTCLASS );
 
-            LOGGER.debug( sessionLabel, "bad-password login attempt succeeded for " + userIdentity );
+            LOGGER.debug( sessionLabel, () -> "bad-password login attempt succeeded for " + userIdentity );
         }
         catch ( ChaiException e )
         {
             if ( e.getErrorCode() == ChaiError.PASSWORD_BADPASSWORD )
             {
-                LOGGER.trace( sessionLabel, "bad-password login simulation succeeded for; " + userIdentity + " result: " + e.getMessage() );
+                LOGGER.trace( sessionLabel, () -> "bad-password login simulation succeeded for; " + userIdentity + " result: " + e.getMessage() );
             }
             else
             {
-                LOGGER.debug( sessionLabel, "unexpected error during simulated bad-password login attempt for " + userIdentity + "; result: " + e.getMessage() );
+                LOGGER.debug( sessionLabel, () -> "unexpected error during simulated bad-password login attempt for " + userIdentity + "; result: " + e.getMessage() );
             }
         }
         finally
@@ -426,7 +426,7 @@ public class SessionAuthenticator
         }
 
         //clear permission cache - needs rechecking after login
-        LOGGER.debug( pwmSession, "clearing permission cache" );
+        LOGGER.debug( pwmSession, () -> "clearing permission cache" );
         pwmSession.getUserSessionDataCacheBean().clearPermissions();
 
         // update the users ldap attribute.

server/src/main/java/password/pwm/ldap/search/UserSearchEngine.java

@@ -79,7 +79,6 @@ import java.util.concurrent.atomic.AtomicInteger;
 
 public class UserSearchEngine implements PwmService
 {
-
     private static final PwmLogger LOGGER = PwmLogger.forClass( UserSearchEngine.class );
 
     private final AtomicInteger searchCounter = new AtomicInteger( 0 );
@@ -94,7 +93,7 @@ public class UserSearchEngine implements PwmService
     private ThreadPoolExecutor executor;
 
     private final ConditionalTaskExecutor debugOutputTask = new ConditionalTaskExecutor(
-            ( ) -> periodicDebugOutput(),
+            this::periodicDebugOutput,
             new ConditionalTaskExecutor.TimeDurationPredicate( 1, TimeDuration.Unit.MINUTES )
     );
 
@@ -222,7 +221,7 @@ public class UserSearchEngine implements PwmService
     )
             throws PwmUnrecoverableException, PwmOperationalException
     {
-        final long startTime = System.currentTimeMillis();
+        final Instant startTime = Instant.now();
         final DuplicateMode dupeMode = pwmApplication.getConfig().readSettingAsEnum( PwmSetting.LDAP_DUPLICATE_MODE, DuplicateMode.class );
         final int searchCount = ( dupeMode == DuplicateMode.FIRST_ALL ) ? 1 : 2;
         final Map<UserIdentity, Map<String, String>> searchResults = performMultiUserSearch( searchConfiguration, searchCount, Collections.emptyList(), sessionLabel );
@@ -243,7 +242,7 @@ public class UserSearchEngine implements PwmService
         else if ( results.size() == 1 )
         {
             final String userDN = results.get( 0 ).getUserDN();
-            LOGGER.debug( sessionLabel, "found userDN: " + userDN + " (" + TimeDuration.fromCurrent( startTime ).asCompactString() + ")" );
+            LOGGER.debug( sessionLabel, () -> "found userDN: " + userDN + " (" + TimeDuration.compactFromCurrent( startTime ) + ")" );
             return results.get( 0 );
         }
         if ( dupeMode == DuplicateMode.FIRST_PROFILE )
@@ -259,7 +258,7 @@ public class UserSearchEngine implements PwmService
                 throw new PwmOperationalException( new ErrorInformation( PwmError.ERROR_CANT_MATCH_USER, errorMessage ) );
             }
 
-            LOGGER.trace( sessionLabel, "found multiple matches, but will use first match since second match"
+            LOGGER.trace( sessionLabel, () -> "found multiple matches, but will use first match since second match"
                     + " is in a different profile and dupeMode is set to "
                     + DuplicateMode.FIRST_PROFILE );
             return results.get( 0 );
@@ -315,7 +314,8 @@ public class UserSearchEngine implements PwmService
             }
             else
             {
-                LOGGER.debug( sessionLabel, "attempt to search for users in unknown ldap profile '" + searchConfiguration.getLdapProfile() + "', skipping search" );
+                LOGGER.debug( sessionLabel, () -> "attempt to search for users in unknown ldap profile '"
+                        + searchConfiguration.getLdapProfile() + "', skipping search" );
                 return Collections.emptyMap();
             }
         }
@@ -591,14 +591,15 @@ public class UserSearchEngine implements PwmService
             final String usernameAttribute = ldapProfile.readSettingAsString( PwmSetting.LDAP_NAMING_ATTRIBUTE );
             if ( input.toLowerCase().startsWith( usernameAttribute.toLowerCase() + "=" ) )
             {
-                LOGGER.trace( sessionLabel,
-                        "username '" + input + "' appears to be a DN (starts with configured ldap naming attribute'" + usernameAttribute + "'), skipping username search" );
+                LOGGER.trace( sessionLabel, () -> "username '" + input
+                        + "' appears to be a DN (starts with configured ldap naming attribute '"
+                        + usernameAttribute + "'), skipping username search" );
                 return true;
             }
             namingAttributes.add( usernameAttribute );
         }
 
-        LOGGER.trace( sessionLabel, "username '" + input + "' does not appear to be a DN (does not start with any of the configured ldap naming attributes '"
+        LOGGER.trace( sessionLabel, () -> "username '" + input + "' does not appear to be a DN (does not start with any of the configured ldap naming attributes '"
                 + StringUtil.collectionToString( namingAttributes, "," )
                 + "')" );
 
@@ -798,7 +799,7 @@ public class UserSearchEngine implements PwmService
 
     private void periodicDebugOutput( )
     {
-        LOGGER.debug( "periodic debug status: " + StringUtil.mapToString( debugProperties() ) );
+        LOGGER.debug( () -> "periodic debug status: " + StringUtil.mapToString( debugProperties() ) );
     }
 
     private void log( final PwmLogLevel level, final SessionLabel sessionLabel, final int searchID, final int jobID, final String message )

server/src/main/java/password/pwm/svc/PwmServiceManager.java

@@ -113,10 +113,10 @@ public class PwmServiceManager
 
         try
         {
-            LOGGER.debug( "initializing service " + serviceName );
+            LOGGER.debug( () -> "initializing service " + serviceName );
             newServiceInstance.init( pwmApplication );
             final TimeDuration startupDuration = TimeDuration.fromCurrent( startTime );
-            LOGGER.debug( "completed initialization of service " + serviceName + " in " + startupDuration.asCompactString() + ", status=" + newServiceInstance.status() );
+            LOGGER.debug( () -> "completed initialization of service " + serviceName + " in " + startupDuration.asCompactString() + ", status=" + newServiceInstance.status() );
         }
         catch ( PwmException e )
         {

server/src/main/java/password/pwm/svc/cache/CacheService.java

@@ -68,21 +68,21 @@ public class CacheService implements PwmService
         final boolean enabled = Boolean.parseBoolean( pwmApplication.getConfig().readAppProperty( AppProperty.CACHE_ENABLE ) );
         if ( !enabled )
         {
-            LOGGER.debug( "skipping cache service init due to app property setting" );
+            LOGGER.debug( () -> "skipping cache service init due to app property setting" );
             status = STATUS.CLOSED;
             return;
         }
 
         if ( pwmApplication.getLocalDB() == null )
         {
-            LOGGER.debug( "skipping cache service init due to localDB not being available" );
+            LOGGER.debug( () -> "skipping cache service init due to localDB not being available" );
             status = STATUS.CLOSED;
             return;
         }
 
         if ( pwmApplication.getApplicationMode() == PwmApplicationMode.READ_ONLY )
         {
-            LOGGER.debug( "skipping cache service init due to read-only application mode" );
+            LOGGER.debug( () -> "skipping cache service init due to read-only application mode" );
             status = STATUS.CLOSED;
             return;
         }

server/src/main/java/password/pwm/svc/cluster/ClusterService.java

@@ -100,7 +100,7 @@ public class ClusterService implements PwmService
                     break;
 
                     default:
-                        LOGGER.debug( "no suitable storage method configured " );
+                        LOGGER.debug( () -> "no suitable storage method configured " );
                         JavaHelper.unhandledSwitchStatement( dataStore );
                         return;
 
@@ -191,7 +191,7 @@ public class ClusterService implements PwmService
             if ( userIdentity == null )
             {
                 final String msg = "LDAP storage type selected, but LDAP test user not defined.";
-                LOGGER.debug( msg );
+                LOGGER.debug( () -> msg );
                 startupError = new ErrorInformation( PwmError.ERROR_CLUSTER_SERVICE_ERROR, msg );
             }
         }
@@ -200,7 +200,7 @@ public class ClusterService implements PwmService
             if ( !pwmApplication.getConfig().hasDbConfigured() )
             {
                 final String msg = "DB storage type selected, but remote DB is not configured.";
-                LOGGER.debug( msg );
+                LOGGER.debug( () -> msg );
                 startupError = new ErrorInformation( PwmError.ERROR_CLUSTER_SERVICE_ERROR, msg );
             }
         }

server/src/main/java/password/pwm/svc/cluster/DatabaseClusterDataService.java

@@ -130,7 +130,7 @@ public class DatabaseClusterDataService implements ClusterDataServiceProvider
                 if ( recordAge.isLongerThan( maxNodeAge ) )
                 {
                     // purge outdated records
-                    LOGGER.debug( "purging outdated node reference to instanceID '" + instanceID + "'" );
+                    LOGGER.debug( () -> "purging outdated node reference to instanceID '" + instanceID + "'" );
 
                     databaseAccessor.remove( TABLE, localKeyForStoredNode( storedNodeData ) );
                     nodesPurged++;

server/src/main/java/password/pwm/svc/cluster/LDAPClusterDataService.java

@@ -127,7 +127,7 @@ public class LDAPClusterDataService implements ClusterDataServiceProvider
             if ( recordAge.isLongerThan( maxNodeAge ) )
             {
                 // purge outdated records
-                LOGGER.debug( "purging outdated node reference to instanceID '" + instanceID + "'" );
+                LOGGER.debug( () -> "purging outdated node reference to instanceID '" + instanceID + "'" );
 
                 try
                 {

server/src/main/java/password/pwm/svc/email/EmailServerUtil.java

@@ -300,7 +300,7 @@ public class EmailServerUtil
             transport.connect();
         }
 
-        LOGGER.debug( "connected to " + server.toDebugString() + " " + ( authenticated ? "(authenticated)" : "(unauthenticated)" ) );
+        LOGGER.debug( () -> "connected to " + server.toDebugString() + " " + ( authenticated ? "(authenticated)" : "(unauthenticated)" ) );
 
         return transport;
     }

server/src/main/java/password/pwm/svc/email/EmailService.java

@@ -224,7 +224,7 @@ public class EmailService implements PwmService
 
         if ( servers.isEmpty() )
         {
-            LOGGER.debug( "discarding email send event (no SMTP server address configured) " + emailItem.toDebugString() );
+            LOGGER.debug( () -> "discarding email send event (no SMTP server address configured) " + emailItem.toDebugString() );
             return false;
         }
 
@@ -395,7 +395,7 @@ public class EmailService implements PwmService
 
             serverErrors.put( serverTransport.getEmailServer(), Optional.empty() );
 
-            LOGGER.debug( "sent email: " + emailItemBean.toDebugString() );
+            LOGGER.debug( () -> "sent email: " + emailItemBean.toDebugString() );
             StatisticsManager.incrementStat( pwmApplication, Statistic.EMAIL_SEND_SUCCESSES );
             return WorkQueueProcessor.ProcessResult.SUCCESS;
         }

server/src/main/java/password/pwm/svc/event/AuditService.java

@@ -180,7 +180,7 @@ public class AuditService implements PwmService
             {
                 if ( maxRecords < 1 )
                 {
-                    LOGGER.debug( "localDB audit vault will remain closed due to max records setting" );
+                    LOGGER.debug( () -> "localDB audit vault will remain closed due to max records setting" );
                     pwmApplication.getLocalDB().truncate( LocalDB.DB.AUDIT_EVENTS );
                 }
                 else
@@ -191,7 +191,7 @@ public class AuditService implements PwmService
             }
             else
             {
-                LOGGER.debug( "localDB audit vault will remain closed due to application mode" );
+                LOGGER.debug( () -> "localDB audit vault will remain closed due to application mode" );
             }
         }
 
@@ -346,7 +346,7 @@ public class AuditService implements PwmService
 
         if ( status != STATUS.OPEN )
         {
-            LOGGER.debug( "discarding audit event (AuditManager is not open); event=" + jsonRecord );
+            LOGGER.debug( () -> "discarding audit event (AuditManager is not open); event=" + jsonRecord );
             return;
         }
 
@@ -358,7 +358,7 @@ public class AuditService implements PwmService
 
         if ( !settings.getPermittedEvents().contains( auditRecord.getEventCode() ) )
         {
-            LOGGER.debug( "discarding event, " + auditRecord.getEventCode() + " are being ignored; event=" + jsonRecord );
+            LOGGER.debug( () -> "discarding event, " + auditRecord.getEventCode() + " are being ignored; event=" + jsonRecord );
             return;
         }
 

server/src/main/java/password/pwm/svc/event/LdapXmlUserHistory.java

@@ -114,7 +114,7 @@ class LdapXmlUserHistory implements UserHistoryStore
         // quit if settings no good;
         if ( corAttribute == null || corAttribute.length() < 1 )
         {
-            LOGGER.debug( "no user event log attribute configured, skipping write of log data" );
+            LOGGER.debug( () -> "no user event log attribute configured, skipping write of log data" );
             return;
         }
 

server/src/main/java/password/pwm/svc/event/LocalDbAuditVault.java

@@ -180,7 +180,8 @@ public class LocalDbAuditVault implements AuditVault
         {
             errorMsg = e.getMessage();
         }
-        LOGGER.debug( "unable to deserialize stored record '" + input + "', error: " + errorMsg );
+        final String finalErrorMsg = errorMsg;
+        LOGGER.debug( () -> "unable to deserialize stored record '" + input + "', error: " + finalErrorMsg );
         return null;
     }
 

server/src/main/java/password/pwm/svc/intruder/IntruderManager.java

@@ -123,7 +123,7 @@ public class IntruderManager implements PwmService
         if ( !pwmApplication.getConfig().readSettingAsBoolean( PwmSetting.INTRUDER_ENABLE ) )
         {
             final ErrorInformation errorInformation = new ErrorInformation( PwmError.ERROR_SERVICE_NOT_AVAILABLE, "intruder module not enabled" );
-            LOGGER.debug( errorInformation.toDebugStr() );
+            LOGGER.debug( () -> errorInformation.toDebugStr() );
             status = STATUS.CLOSED;
             return;
         }
@@ -364,7 +364,7 @@ public class IntruderManager implements PwmService
                 final InetAddress inetAddress = InetAddress.getByName( subject );
                 if ( inetAddress.isAnyLocalAddress() || inetAddress.isLoopbackAddress() || inetAddress.isLinkLocalAddress() )
                 {
-                    LOGGER.debug( "disregarding local address intruder attempt from: " + subject );
+                    LOGGER.debug( () -> "disregarding local address intruder attempt from: " + subject );
                     return;
                 }
             }
@@ -461,7 +461,12 @@ public class IntruderManager implements PwmService
             delayPenalty = delayPenalty > Long.parseLong( pwmApplication.getConfig().readAppProperty( AppProperty.INTRUDER_MAX_DELAY_PENALTY_MS ) )
                     ? Long.parseLong( pwmApplication.getConfig().readAppProperty( AppProperty.INTRUDER_MAX_DELAY_PENALTY_MS ) )
                     : delayPenalty;
-            LOGGER.trace( sessionLabel, "delaying response " + delayPenalty + "ms due to intruder record: " + JsonUtil.serialize( intruderRecord ) );
+
+            {
+                final long finalDelay = delayPenalty;
+                LOGGER.trace( sessionLabel, () -> "delaying response " + finalDelay + "ms due to intruder record: " + JsonUtil.serialize( intruderRecord ) );
+            }
+
             JavaHelper.pause( delayPenalty );
         }
     }

server/src/main/java/password/pwm/svc/intruder/RecordManagerImpl.java

@@ -90,7 +90,8 @@ class RecordManagerImpl implements RecordManager
         final TimeDuration age = TimeDuration.fromCurrent( record.getTimeStamp() );
         if ( age.isLongerThan( settings.getCheckDuration() ) )
         {
-            LOGGER.debug( "re-setting existing outdated record=" + JsonUtil.serialize( record ) + " (" + age.asCompactString() + ")" );
+            final IntruderRecord finalRecord = record;
+            LOGGER.debug( () -> "re-setting existing outdated record=" + JsonUtil.serialize( finalRecord ) + " (" + age.asCompactString() + ")" );
             record = new IntruderRecord( recordType, subject );
         }
 

server/src/main/java/password/pwm/svc/pwnotify/PwNotifyEngine.java

@@ -216,7 +216,7 @@ public class PwNotifyEngine
             }
             catch ( Exception e )
             {
-                LOGGER.trace( "unexpected error processing user '" + userIdentity.toDisplayString() + "', error: " + e.getMessage() );
+                LOGGER.trace( () -> "unexpected error processing user '" + userIdentity.toDisplayString() + "', error: " + e.getMessage() );
             }
         }
     }
@@ -237,20 +237,20 @@ public class PwNotifyEngine
 
         if ( passwordExpirationTime == null )
         {
-            LOGGER.trace( SESSION_LABEL, "skipping user '" + userIdentity.toDisplayString() + "', has no password expiration" );
+            LOGGER.trace( SESSION_LABEL, () -> "skipping user '" + userIdentity.toDisplayString() + "', has no password expiration" );
             return;
         }
 
         if ( passwordExpirationTime.isBefore( Instant.now() ) )
         {
-            LOGGER.trace( SESSION_LABEL, "skipping user '" + userIdentity.toDisplayString() + "', password expiration is in the past" );
+            LOGGER.trace( SESSION_LABEL, () -> "skipping user '" + userIdentity.toDisplayString() + "', password expiration is in the past" );
             return;
         }
 
         final int nextDayInterval = figureNextDayInterval( passwordExpirationTime );
         if ( nextDayInterval < 1 )
         {
-            LOGGER.trace( SESSION_LABEL, "skipping user '" + userIdentity.toDisplayString() + "', password expiration time is not within an interval" );
+            LOGGER.trace( SESSION_LABEL, () -> "skipping user '" + userIdentity.toDisplayString() + "', password expiration time is not within an interval" );
             return;
         }
 
@@ -370,7 +370,7 @@ public class PwNotifyEngine
             }
         }
 
-        LOGGER.trace( SessionLabel.PWNOTIFY_SESSION_LABEL, output );
+        LOGGER.trace( SessionLabel.PWNOTIFY_SESSION_LABEL, () -> output );
     }
 
     private ThreadPoolExecutor createExecutor( final PwmApplication pwmApplication )

server/src/main/java/password/pwm/svc/pwnotify/PwNotifyService.java

@@ -104,7 +104,7 @@ public class PwNotifyService extends AbstractPwmService implements PwmService
 
         if ( !pwmApplication.getConfig().readSettingAsBoolean( PwmSetting.PW_EXPY_NOTIFY_ENABLE ) )
         {
-            LOGGER.trace( SessionLabel.PWNOTIFY_SESSION_LABEL, "will remain closed, pw notify feature is not enabled" );
+            LOGGER.trace( SessionLabel.PWNOTIFY_SESSION_LABEL, () -> "will remain closed, pw notify feature is not enabled" );
             setStatus( STATUS.CLOSED );
             return;
         }
@@ -148,7 +148,7 @@ public class PwNotifyService extends AbstractPwmService implements PwmService
         catch ( PwmUnrecoverableException e )
         {
             setStatus( STATUS.CLOSED );
-            LOGGER.trace( SessionLabel.PWNOTIFY_SESSION_LABEL, "will remain closed, pw notify feature is not enabled due to error: " + e.getMessage() );
+            LOGGER.trace( SessionLabel.PWNOTIFY_SESSION_LABEL, () -> "will remain closed, pw notify feature is not enabled due to error: " + e.getMessage() );
             setStartupError( e.getErrorInformation() );
         }
     }
@@ -163,7 +163,7 @@ public class PwNotifyService extends AbstractPwmService implements PwmService
         try
         {
             nextExecutionTime = figureNextJobExecutionTime();
-            LOGGER.debug( SessionLabel.PWNOTIFY_SESSION_LABEL, "scheduled next job execution at " + nextExecutionTime.toString() );
+            LOGGER.debug( SessionLabel.PWNOTIFY_SESSION_LABEL, () -> "scheduled next job execution at " + nextExecutionTime.toString() );
         }
         catch ( Exception e )
         {
@@ -248,7 +248,7 @@ public class PwNotifyService extends AbstractPwmService implements PwmService
     {
         if ( status() != STATUS.OPEN )
         {
-            LOGGER.trace( SessionLabel.PWNOTIFY_SESSION_LABEL, "ignoring job request start, service is not open" );
+            LOGGER.trace( SessionLabel.PWNOTIFY_SESSION_LABEL, () -> "ignoring job request start, service is not open" );
             return;
         }
 

server/src/main/java/password/pwm/svc/report/ReportService.java

@@ -113,14 +113,14 @@ public class ReportService implements PwmService
 
         if ( pwmApplication.getApplicationMode() == PwmApplicationMode.READ_ONLY )
         {
-            LOGGER.debug( SessionLabel.REPORTING_SESSION_LABEL, "application mode is read-only, will remain closed" );
+            LOGGER.debug( SessionLabel.REPORTING_SESSION_LABEL, () -> "application mode is read-only, will remain closed" );
             status = STATUS.CLOSED;
             return;
         }
 
         if ( pwmApplication.getLocalDB() == null || LocalDB.Status.OPEN != pwmApplication.getLocalDB().status() )
         {
-            LOGGER.debug( SessionLabel.REPORTING_SESSION_LABEL, "LocalDB is not open, will remain closed" );
+            LOGGER.debug( SessionLabel.REPORTING_SESSION_LABEL, () -> "LocalDB is not open, will remain closed" );
             status = STATUS.CLOSED;
             return;
         }
@@ -144,8 +144,7 @@ public class ReportService implements PwmService
 
         executorService = JavaHelper.makeBackgroundExecutor( pwmApplication, this.getClass() );
 
-        final String startupMsg = "report service started";
-        LOGGER.debug( startupMsg );
+        LOGGER.debug( () -> "report service started" );
 
         executorService.submit( new InitializationTask() );
 
@@ -206,7 +205,7 @@ public class ReportService implements PwmService
                 {
                     executorService.execute( new ClearTask() );
                     executorService.execute( new ReadLDAPTask() );
-                    LOGGER.trace( SessionLabel.REPORTING_SESSION_LABEL, "submitted new ldap dredge task to executorService" );
+                    LOGGER.trace( SessionLabel.REPORTING_SESSION_LABEL, () -> "submitted new ldap dredge task to executorService" );
                 }
             }
             break;
@@ -302,12 +301,16 @@ public class ReportService implements PwmService
                         {
                             if ( returnBean.getCacheTimestamp() == null )
                             {
-                                LOGGER.debug( SessionLabel.REPORTING_SESSION_LABEL, "purging record due to missing cache timestamp: " + JsonUtil.serialize( returnBean ) );
+                                final UserCacheRecord finalBean = returnBean;
+                                LOGGER.debug( SessionLabel.REPORTING_SESSION_LABEL, () -> "purging record due to missing cache timestamp: "
+                                        + JsonUtil.serialize( finalBean ) );
                                 userCacheService.removeStorageKey( key );
                             }
                             else if ( TimeDuration.fromCurrent( returnBean.getCacheTimestamp() ).isLongerThan( settings.getMaxCacheAge() ) )
                             {
-                                LOGGER.debug( SessionLabel.REPORTING_SESSION_LABEL, "purging record due to old age timestamp: " + JsonUtil.serialize( returnBean ) );
+                                final UserCacheRecord finalBean = returnBean;
+                                LOGGER.debug( SessionLabel.REPORTING_SESSION_LABEL, () -> "purging record due to old age timestamp: "
+                                        + JsonUtil.serialize( finalBean ) );
                                 userCacheService.removeStorageKey( key );
                             }
                             else
@@ -506,7 +509,7 @@ public class ReportService implements PwmService
         private void processWorkQueue( )
                 throws ChaiUnavailableException, ChaiOperationException, PwmOperationalException, PwmUnrecoverableException
         {
-            LOGGER.debug( SessionLabel.REPORTING_SESSION_LABEL, "beginning process to updating user cache records from ldap" );
+            LOGGER.debug( SessionLabel.REPORTING_SESSION_LABEL, () -> "beginning process to updating user cache records from ldap" );
             if ( status != STATUS.OPEN )
             {
                 return;
@@ -529,21 +532,21 @@ public class ReportService implements PwmService
 
             try
             {
-                LOGGER.trace( SessionLabel.REPORTING_SESSION_LABEL, "about to begin ldap processing with thread count of " + threadCount );
+                LOGGER.trace( SessionLabel.REPORTING_SESSION_LABEL, () -> "about to begin ldap processing with thread count of " + threadCount );
                 final BlockingThreadPool threadService = new BlockingThreadPool( threadCount, "reporting-thread" );
                 while ( status == STATUS.OPEN && !dnQueue.isEmpty() && !cancelFlag )
                 {
                     final UserIdentity userIdentity = UserIdentity.fromDelimitedKey( dnQueue.poll() );
                     if ( pwmApplication.getConfig().isDevDebugMode() )
                     {
-                        LOGGER.trace( SessionLabel.REPORTING_SESSION_LABEL, "submit " + Instant.now().toString()
+                        LOGGER.trace( SessionLabel.REPORTING_SESSION_LABEL, () -> "submit " + Instant.now().toString()
                                 + " size=" + threadService.getQueue().size() );
                     }
                     threadService.blockingSubmit( ( ) ->
                     {
                         if ( pwmApplication.getConfig().isDevDebugMode() )
                         {
-                            LOGGER.trace( SessionLabel.REPORTING_SESSION_LABEL, "start " + Instant.now().toString()
+                            LOGGER.trace( SessionLabel.REPORTING_SESSION_LABEL, () -> "start " + Instant.now().toString()
                                     + " size=" + threadService.getQueue().size() );
                         }
                         try
@@ -583,14 +586,14 @@ public class ReportService implements PwmService
                         }
                         if ( pwmApplication.getConfig().isDevDebugMode() )
                         {
-                            LOGGER.trace( SessionLabel.REPORTING_SESSION_LABEL, "finish " + Instant.now().toString()
+                            LOGGER.trace( SessionLabel.REPORTING_SESSION_LABEL, () -> "finish " + Instant.now().toString()
                                     + " size=" + threadService.getQueue().size() );
                         }
                     } );
                 }
                 if ( pwmApplication.getConfig().isDevDebugMode() )
                 {
-                    LOGGER.trace( SessionLabel.REPORTING_SESSION_LABEL, "exit " + Instant.now().toString()
+                    LOGGER.trace( SessionLabel.REPORTING_SESSION_LABEL, () -> "exit " + Instant.now().toString()
                             + " size=" + threadService.getQueue().size() );
                 }
 
@@ -606,7 +609,7 @@ public class ReportService implements PwmService
                 reportStatus.setFinishDate( Instant.now() );
                 saveTempData();
             }
-            LOGGER.debug( SessionLabel.REPORTING_SESSION_LABEL, "update user cache process completed: " + JsonUtil.serialize( reportStatus ) );
+            LOGGER.debug( SessionLabel.REPORTING_SESSION_LABEL, () -> "update user cache process completed: " + JsonUtil.serialize( reportStatus ) );
         }
 
 
@@ -635,7 +638,7 @@ public class ReportService implements PwmService
             userCacheService.store( newUserCacheRecord );
             summaryData.update( newUserCacheRecord );
 
-            LOGGER.trace( SessionLabel.REPORTING_SESSION_LABEL, "stored cache for " + userIdentity );
+            LOGGER.trace( SessionLabel.REPORTING_SESSION_LABEL, () -> "stored cache for " + userIdentity );
         }
     }
 
@@ -664,7 +667,7 @@ public class ReportService implements PwmService
             try ( ClosableIterator<UserCacheRecord> iterator = iterator() )
             {
                 final long totalRecords = userCacheService.size();
-                LOGGER.debug( SessionLabel.REPORTING_SESSION_LABEL, "beginning cache review process of " + totalRecords + " records" );
+                LOGGER.debug( SessionLabel.REPORTING_SESSION_LABEL, () -> "beginning cache review process of " + totalRecords + " records" );
                 Instant lastLogOutputTime = Instant.now();
 
                 while ( !cancelFlag && iterator.hasNext() && status == STATUS.OPEN )
@@ -681,10 +684,10 @@ public class ReportService implements PwmService
 
                     if ( TimeDuration.fromCurrent( lastLogOutputTime ).isLongerThan( 30, TimeDuration.Unit.SECONDS ) )
                     {
-                        final TimeDuration progressDuration = TimeDuration.fromCurrent( startTime );
+                        final int finalExamined = examinedRecords;
                         LOGGER.trace( SessionLabel.REPORTING_SESSION_LABEL,
-                                "cache review process in progress, examined " + examinedRecords
-                                        + " in " + progressDuration.asCompactString() );
+                                () -> "cache review process in progress, examined " + finalExamined
+                                        + " in " + TimeDuration.compactFromCurrent( startTime ) );
                         lastLogOutputTime = Instant.now();
                     }
                 }
@@ -729,7 +732,7 @@ public class ReportService implements PwmService
                 final long secondsUntilNextDredge = settings.getJobOffsetSeconds() + TimeDuration.fromCurrent( nextZuluZeroTime ).as( TimeDuration.Unit.SECONDS );
                 final TimeDuration initialDelay = TimeDuration.of( secondsUntilNextDredge, TimeDuration.Unit.SECONDS );
                 pwmApplication.scheduleFixedRateJob( new ProcessWorkQueueTask(), executorService, initialDelay, TimeDuration.DAY );
-                LOGGER.debug( "scheduled daily execution, next task will be at " + nextZuluZeroTime.toString() );
+                LOGGER.debug( () -> "scheduled daily execution, next task will be at " + nextZuluZeroTime.toString() );
             }
             executorService.submit( new RolloverTask() );
             executorService.submit( new ProcessWorkQueueTask() );
@@ -752,7 +755,7 @@ public class ReportService implements PwmService
             if ( reportStatus == null )
             {
                 clearFlag = true;
-                LOGGER.debug( SessionLabel.REPORTING_SESSION_LABEL, "report service did not close cleanly, will clear data." );
+                LOGGER.debug( SessionLabel.REPORTING_SESSION_LABEL, () -> "report service did not close cleanly, will clear data." );
             }
             else
             {
@@ -790,7 +793,7 @@ public class ReportService implements PwmService
         private void doClear( ) throws LocalDBException, PwmUnrecoverableException
         {
             final Instant startTime = Instant.now();
-            LOGGER.debug( SessionLabel.REPORTING_SESSION_LABEL, "clearing cached report data" );
+            LOGGER.debug( SessionLabel.REPORTING_SESSION_LABEL, () -> "clearing cached report data" );
             clearWorkQueue();
             if ( userCacheService != null )
             {
@@ -798,7 +801,7 @@ public class ReportService implements PwmService
             }
             summaryData = ReportSummaryData.newSummaryData( settings.getTrackDays() );
             reportStatus = new ReportStatusInfo( settings.getSettingsHash() );
-            LOGGER.debug( SessionLabel.REPORTING_SESSION_LABEL, "finished clearing report " + TimeDuration.fromCurrent( startTime ).asCompactString() );
+            LOGGER.debug( SessionLabel.REPORTING_SESSION_LABEL, () -> "finished clearing report " + TimeDuration.compactFromCurrent( startTime ) );
         }
     }
 }

server/src/main/java/password/pwm/svc/shorturl/TinyUrlShortener.java

@@ -55,7 +55,7 @@ public class TinyUrlShortener extends BasicUrlShortener
     {
         try
         {
-            LOGGER.debug( "Trying to shorten url: " + input );
+            LOGGER.debug( () -> "Trying to shorten url: " + input );
             final String encodedUrl = StringUtil.urlEncode( input );
             final String callUrl = apiUrl + encodedUrl;
             final HttpClient httpClient = PwmHttpClient.getHttpClient( context.getConfig() );
@@ -65,7 +65,7 @@ public class TinyUrlShortener extends BasicUrlShortener
             if ( httpResponseCode == 200 )
             {
                 final String responseBody = EntityUtils.toString( httpResponse.getEntity() );
-                LOGGER.debug( "Result: " + responseBody );
+                LOGGER.debug( () -> "Result: " + responseBody );
                 return responseBody;
             }
             else

server/src/main/java/password/pwm/svc/stats/StatisticsManager.java

@@ -388,7 +388,7 @@ public class StatisticsManager implements PwmService
 
         currentDailyKey = new DailyKey( new Date() );
         statsDaily = new StatisticsBundle();
-        LOGGER.debug( "reset daily statistics" );
+        LOGGER.debug( () -> "reset daily statistics" );
     }
 
     public STATUS status( )

server/src/main/java/password/pwm/svc/telemetry/FtpTelemetrySender.java

@@ -88,7 +88,7 @@ public class FtpTelemetrySender implements TelemetrySender
         // connect
         try
         {
-            LOGGER.trace( SessionLabel.TELEMETRY_SESSION_LABEL, "establishing " + settings.getFtpMode() + " connection to " + settings.getHost() );
+            LOGGER.trace( SessionLabel.TELEMETRY_SESSION_LABEL, () -> "establishing " + settings.getFtpMode() + " connection to " + settings.getHost() );
             ftpClient.connect( settings.getHost() );
 
             final int reply = ftpClient.getReplyCode();
@@ -99,7 +99,7 @@ public class FtpTelemetrySender implements TelemetrySender
                 throw new PwmUnrecoverableException( new ErrorInformation( PwmError.ERROR_TELEMETRY_SEND_ERROR, msg ) );
             }
 
-            LOGGER.trace( SessionLabel.TELEMETRY_SESSION_LABEL, "connected to " + settings.getHost() );
+            LOGGER.trace( SessionLabel.TELEMETRY_SESSION_LABEL, () -> "connected to " + settings.getHost() );
         }
         catch ( IOException e )
         {
@@ -142,7 +142,7 @@ public class FtpTelemetrySender implements TelemetrySender
                 throw new PwmUnrecoverableException( new ErrorInformation( PwmError.ERROR_TELEMETRY_SEND_ERROR, msg ) );
             }
 
-            LOGGER.trace( SessionLabel.TELEMETRY_SESSION_LABEL, "authenticated to " + settings.getHost() + " as " + settings.getUsername() );
+            LOGGER.trace( SessionLabel.TELEMETRY_SESSION_LABEL, () -> "authenticated to " + settings.getHost() + " as " + settings.getUsername() );
         }
         catch ( IOException e )
         {
@@ -159,7 +159,7 @@ public class FtpTelemetrySender implements TelemetrySender
             final byte[] fileBytes = dataToJsonZipFile( telemetryPublishBean );
             final ByteArrayInputStream fileStream = new ByteArrayInputStream( fileBytes );
 
-            LOGGER.trace( SessionLabel.TELEMETRY_SESSION_LABEL, "preparing to transfer " + fileBytes.length + " bytes to file path " + filePath );
+            LOGGER.trace( SessionLabel.TELEMETRY_SESSION_LABEL, () -> "preparing to transfer " + fileBytes.length + " bytes to file path " + filePath );
 
             final Instant startTime = Instant.now();
             ftpClient.storeFile( filePath, fileStream );
@@ -172,7 +172,7 @@ public class FtpTelemetrySender implements TelemetrySender
                 throw new PwmUnrecoverableException( new ErrorInformation( PwmError.ERROR_TELEMETRY_SEND_ERROR, msg ) );
             }
 
-            LOGGER.trace( SessionLabel.TELEMETRY_SESSION_LABEL, "completed transfer of " + fileBytes.length + " in " + TimeDuration.compactFromCurrent( startTime ) );
+            LOGGER.trace( SessionLabel.TELEMETRY_SESSION_LABEL, () -> "completed transfer of " + fileBytes.length + " in " + TimeDuration.compactFromCurrent( startTime ) );
         }
         catch ( IOException e )
         {
@@ -189,11 +189,11 @@ public class FtpTelemetrySender implements TelemetrySender
             try
             {
                 ftpClient.disconnect();
-                LOGGER.trace( SessionLabel.TELEMETRY_SESSION_LABEL, "disconnected" );
+                LOGGER.trace( SessionLabel.TELEMETRY_SESSION_LABEL, () -> "disconnected" );
             }
             catch ( IOException e )
             {
-                LOGGER.trace( SessionLabel.TELEMETRY_SESSION_LABEL, "error while disconnecting ftp client: " + e.getMessage() );
+                LOGGER.trace( SessionLabel.TELEMETRY_SESSION_LABEL, () -> "error while disconnecting ftp client: " + e.getMessage() );
             }
         }
     }

server/src/main/java/password/pwm/svc/telemetry/HttpTelemetrySender.java

@@ -76,9 +76,9 @@ public class HttpTelemetrySender implements TelemetrySender
                 body,
                 headers
         );
-        LOGGER.trace( SessionLabel.TELEMETRY_SESSION_LABEL, "preparing to send telemetry data to '" + settings.getUrl() + ")" );
+        LOGGER.trace( SessionLabel.TELEMETRY_SESSION_LABEL, () -> "preparing to send telemetry data to '" + settings.getUrl() + ")" );
         pwmHttpClient.makeRequest( pwmHttpClientRequest );
-        LOGGER.trace( SessionLabel.TELEMETRY_SESSION_LABEL, "sent telemetry data to '" + settings.getUrl() + ")" );
+        LOGGER.trace( SessionLabel.TELEMETRY_SESSION_LABEL, () -> "sent telemetry data to '" + settings.getUrl() + ")" );
     }
 
     @Getter

server/src/main/java/password/pwm/svc/telemetry/TelemetryService.java

@@ -97,28 +97,28 @@ public class TelemetryService implements PwmService
 
         if ( pwmApplication.getApplicationMode() != PwmApplicationMode.RUNNING )
         {
-            LOGGER.trace( SessionLabel.TELEMETRY_SESSION_LABEL, "will remain closed, app is not running" );
+            LOGGER.trace( SessionLabel.TELEMETRY_SESSION_LABEL, () -> "will remain closed, app is not running" );
             status = STATUS.CLOSED;
             return;
         }
 
         if ( !pwmApplication.getConfig().readSettingAsBoolean( PwmSetting.PUBLISH_STATS_ENABLE ) )
         {
-            LOGGER.trace( SessionLabel.TELEMETRY_SESSION_LABEL, "will remain closed, publish stats not enabled" );
+            LOGGER.trace( SessionLabel.TELEMETRY_SESSION_LABEL, () -> "will remain closed, publish stats not enabled" );
             status = STATUS.CLOSED;
             return;
         }
 
         if ( pwmApplication.getLocalDB().status() != LocalDB.Status.OPEN )
         {
-            LOGGER.trace( SessionLabel.TELEMETRY_SESSION_LABEL, "will remain closed, localdb not enabled" );
+            LOGGER.trace( SessionLabel.TELEMETRY_SESSION_LABEL, () -> "will remain closed, localdb not enabled" );
             status = STATUS.CLOSED;
             return;
         }
 
         if ( pwmApplication.getStatisticsManager().status() != STATUS.OPEN )
         {
-            LOGGER.trace( SessionLabel.TELEMETRY_SESSION_LABEL, "will remain closed, statistics manager is not enabled" );
+            LOGGER.trace( SessionLabel.TELEMETRY_SESSION_LABEL, () -> "will remain closed, statistics manager is not enabled" );
             status = STATUS.CLOSED;
             return;
         }
@@ -130,7 +130,7 @@ public class TelemetryService implements PwmService
         }
         catch ( PwmUnrecoverableException e )
         {
-            LOGGER.trace( SessionLabel.TELEMETRY_SESSION_LABEL, "will remain closed, unable to init sender: " + e.getMessage() );
+            LOGGER.trace( SessionLabel.TELEMETRY_SESSION_LABEL, () -> "will remain closed, unable to init sender: " + e.getMessage() );
             status = STATUS.CLOSED;
             return;
         }
@@ -140,7 +140,7 @@ public class TelemetryService implements PwmService
             lastPublishTime = storedLastPublishTimestamp != null
                     ? storedLastPublishTimestamp
                     : pwmApplication.getInstallTime();
-            LOGGER.trace( SessionLabel.TELEMETRY_SESSION_LABEL, "last publish time was " + JavaHelper.toIsoDate( lastPublishTime ) );
+            LOGGER.trace( SessionLabel.TELEMETRY_SESSION_LABEL, () -> "last publish time was " + JavaHelper.toIsoDate( lastPublishTime ) );
         }
 
         executorService = JavaHelper.makeBackgroundExecutor( pwmApplication, TelemetryService.class );
@@ -189,7 +189,7 @@ public class TelemetryService implements PwmService
         final String authValue = pwmApplication.getStatisticsManager().getStatBundleForKey( StatisticsManager.KEY_CUMULATIVE ).getStatistic( Statistic.AUTHENTICATIONS );
         if ( StringUtil.isEmpty( authValue ) || Integer.parseInt( authValue ) < settings.getMinimumAuthentications() )
         {
-            LOGGER.trace( SessionLabel.TELEMETRY_SESSION_LABEL, "skipping telemetry send, authentication count is too low" );
+            LOGGER.trace( SessionLabel.TELEMETRY_SESSION_LABEL, () -> "skipping telemetry send, authentication count is too low" );
         }
         else
         {
@@ -197,7 +197,7 @@ public class TelemetryService implements PwmService
             {
                 final TelemetryPublishBean telemetryPublishBean = generatePublishableBean();
                 sender.publish( telemetryPublishBean );
-                LOGGER.trace( SessionLabel.TELEMETRY_SESSION_LABEL, "sent telemetry data: " + JsonUtil.serialize( telemetryPublishBean ) );
+                LOGGER.trace( SessionLabel.TELEMETRY_SESSION_LABEL, () -> "sent telemetry data: " + JsonUtil.serialize( telemetryPublishBean ) );
             }
             catch ( PwmException e )
             {
@@ -215,7 +215,7 @@ public class TelemetryService implements PwmService
     {
         final TimeDuration durationUntilNextPublish = durationUntilNextPublish();
         pwmApplication.scheduleFutureJob( new PublishJob(), executorService, durationUntilNextPublish );
-        LOGGER.trace( SessionLabel.TELEMETRY_SESSION_LABEL, "next publish time: " + durationUntilNextPublish().asCompactString() );
+        LOGGER.trace( SessionLabel.TELEMETRY_SESSION_LABEL, () -> "next publish time: " + durationUntilNextPublish().asCompactString() );
     }
 
     private class PublishJob implements Runnable
@@ -301,7 +301,7 @@ public class TelemetryService implements PwmService
                 }
                 catch ( Exception e )
                 {
-                    LOGGER.trace( SessionLabel.TELEMETRY_SESSION_LABEL, "unable to read ldap vendor type for stats publication: " + e.getMessage() );
+                    LOGGER.trace( SessionLabel.TELEMETRY_SESSION_LABEL, () -> "unable to read ldap vendor type for stats publication: " + e.getMessage() );
                 }
             }
         }

server/src/main/java/password/pwm/svc/token/TokenService.java

@@ -205,7 +205,7 @@ public class TokenService implements PwmService
 
 
         status = STATUS.OPEN;
-        LOGGER.debug( "open" );
+        LOGGER.debug( () -> "open" );
     }
 
     public boolean supportsName( )
@@ -231,7 +231,7 @@ public class TokenService implements PwmService
             throw new PwmOperationalException( errorInformation );
         }
 
-        LOGGER.trace( sessionLabel, "generated token with payload: " + tokenPayload.toDebugString() );
+        LOGGER.trace( sessionLabel, () -> "generated token with payload: " + tokenPayload.toDebugString() );
 
         final AuditRecord auditRecord = new AuditRecordFactory( pwmApplication ).createUserAuditRecord(
                 AuditEvent.TOKEN_ISSUED,
@@ -262,7 +262,7 @@ public class TokenService implements PwmService
         {
             try
             {
-                LOGGER.trace( pwmSession, "removing claimed token: " + tokenPayload.toDebugString() );
+                LOGGER.trace( pwmSession, () -> "removing claimed token: " + tokenPayload.toDebugString() );
                 tokenMachine.removeToken( tokenKey );
             }
             catch ( PwmOperationalException e )
@@ -445,7 +445,7 @@ public class TokenService implements PwmService
         while ( tokenKey == null && attempts < maxUniqueCreateAttempts )
         {
             tokenKey = makeRandomCode( configuration );
-            LOGGER.trace( sessionLabel, "generated new token random code, checking for uniqueness" );
+            LOGGER.trace( sessionLabel, () -> "generated new token random code, checking for uniqueness" );
             final TokenPayload existingPayload = machine.retrieveToken( tokenMachine.keyFromKey( tokenKey ) );
             if ( existingPayload != null )
             {
@@ -459,7 +459,10 @@ public class TokenService implements PwmService
             throw new PwmOperationalException( new ErrorInformation( PwmError.ERROR_INTERNAL, "unable to generate a unique token key after " + attempts + " attempts" ) );
         }
 
-        LOGGER.trace( sessionLabel, "created new unique random token value after " + attempts + " attempts" );
+        {
+            final int finalAttempts = attempts;
+            LOGGER.trace( sessionLabel, () -> "created new unique random token value after " + finalAttempts + " attempts" );
+        }
         return tokenKey;
     }
 
@@ -566,7 +569,7 @@ public class TokenService implements PwmService
                 errorInformation = new ErrorInformation( PwmError.ERROR_TOKEN_INCORRECT, e.getMessage() );
             }
 
-            LOGGER.debug( pwmSession, errorInformation.toDebugStr() );
+            LOGGER.debug( pwmSession, errorInformation );
 
             if ( sessionUserIdentity != null && tokenEntryType == TokenEntryType.unauthenticated )
             {
@@ -605,7 +608,7 @@ public class TokenService implements PwmService
             throw new PwmOperationalException( errorInformation );
         }
 
-        LOGGER.trace( pwmSession, "retrieved tokenPayload: " + tokenPayload.toDebugString() );
+        LOGGER.trace( pwmSession, () -> "retrieved tokenPayload: " + tokenPayload.toDebugString() );
 
         if ( tokenType != null && pwmApplication.getTokenService().supportsName() )
         {
@@ -642,7 +645,7 @@ public class TokenService implements PwmService
 
                 final String dateStringInToken = tokenPayload.getData().get( PwmConstants.TOKEN_KEY_PWD_CHG_DATE );
 
-                LOGGER.trace( pwmSession, "tokenPayload=" + tokenPayload.toDebugString()
+                LOGGER.trace( pwmSession, () -> "tokenPayload=" + tokenPayload.toDebugString()
                         + ", sessionUser=" + ( sessionUserIdentity == null ? "null" : sessionUserIdentity.toDisplayString() )
                         + ", payloadUserIdentity=" + tokenPayload.getUserIdentity().toDisplayString()
                         + ", userLastPasswordChange=" + JavaHelper.toIsoDate( userLastPasswordChange )
@@ -657,7 +660,7 @@ public class TokenService implements PwmService
                     {
                         final String errorString = "user password has changed since token issued, token rejected;"
                                 + " currentValue=" + userChangeString + ", tokenValue=" + dateStringInToken;
-                        LOGGER.trace( pwmSession, errorString + "; token=" + tokenPayload.toDebugString() );
+                        LOGGER.trace( pwmSession, () -> errorString + "; token=" + tokenPayload.toDebugString() );
                         final ErrorInformation errorInformation = new ErrorInformation( PwmError.ERROR_TOKEN_EXPIRED, errorString );
                         throw new PwmOperationalException( errorInformation );
                     }
@@ -671,7 +674,7 @@ public class TokenService implements PwmService
             }
         }
 
-        LOGGER.debug( pwmSession, "token validation has been passed" );
+        LOGGER.debug( pwmSession, () -> "token validation has been passed" );
         return tokenPayload;
     }
 
@@ -743,7 +746,7 @@ public class TokenService implements PwmService
                     configuredEmailSetting.getBodyPlain().replace( "%TOKEN%", tokenSendInfo.getTokenKey() ),
                     configuredEmailSetting.getBodyHtml().replace( "%TOKEN%", tokenSendInfo.getTokenKey() )
             ), tokenSendInfo.getUserInfo(), tokenSendInfo.getMacroMachine() );
-            LOGGER.debug( "token email added to send queue for " + toAddress );
+            LOGGER.debug( () -> "token email added to send queue for " + toAddress );
             return true;
         }
 
@@ -765,7 +768,7 @@ public class TokenService implements PwmService
             pwmApplication.getIntruderManager().mark( RecordType.TOKEN_DEST, smsNumber, tokenSendInfo.getSessionLabel() );
 
             pwmApplication.sendSmsUsingQueue( smsNumber, modifiedMessage, tokenSendInfo.getSessionLabel(), tokenSendInfo.getMacroMachine() );
-            LOGGER.debug( "token SMS added to send queue for " + smsNumber );
+            LOGGER.debug( () -> "token SMS added to send queue for " + smsNumber );
             return true;
         }
         }

server/src/main/java/password/pwm/svc/token/TokenUtil.java

@@ -95,7 +95,7 @@ public class TokenUtil
             effectiveItems.add( effectiveItem );
         }
 
-        LOGGER.trace( sessionLabel, "calculated available token send destinations: " + JsonUtil.serializeCollection( effectiveItems ) );
+        LOGGER.trace( sessionLabel, () -> "calculated available token send destinations: " + JsonUtil.serializeCollection( effectiveItems ) );
 
         if ( tokenDestinations.isEmpty() )
         {

server/src/main/java/password/pwm/svc/wordlist/AbstractWordlist.java

@@ -270,7 +270,7 @@ abstract class AbstractWordlist implements Wordlist, PwmService
         activity = Wordlist.Activity.Clearing;
         writeWordlistStatus( WordlistStatus.builder().build() );
         getWordlistBucket().clear();
-        getLogger().debug( "cleared stored wordlist (" + TimeDuration.compactFromCurrent( startTime ) + ")" );
+        getLogger().debug( () -> "cleared stored wordlist (" + TimeDuration.compactFromCurrent( startTime ) + ")" );
         setActivity( postCleanActivity );
     }
 
@@ -298,7 +298,7 @@ abstract class AbstractWordlist implements Wordlist, PwmService
         cancelBackgroundAndRunImmediate( () ->
         {
             setActivity( Activity.Importing );
-            getLogger().debug( "beginning direct user-supplied wordlist import" );
+            getLogger().debug( () -> "beginning direct user-supplied wordlist import" );
             setAutoImportError( null );
             final WordlistZipReader wordlistZipReader = new WordlistZipReader( inputStream );
             final WordlistImporter wordlistImporter = new WordlistImporter(
@@ -309,7 +309,7 @@ abstract class AbstractWordlist implements Wordlist, PwmService
                     () -> wlStatus != STATUS.OPEN
             );
             wordlistImporter.run();
-            getLogger().debug( "completed direct user-supplied wordlist import" );
+            getLogger().debug( () -> "completed direct user-supplied wordlist import" );
         } );
 
         setActivity( Activity.Idle );