If you have ever used Spring Security module for authentication or authorization then you already know the pain while debugging the errors that has encountered while customizing the Spring Web Security i.e. by using annotation like @EnableWebSecurity to customize the Spring Security configuration by extending the WebSecurityConfigurerAdapter base class and overriding individual methods. Today we would be discussing three ways that would help us to debug Spring Security related error nicely as we will be logging more detailed information in debug mode that would in turn help us in resolving the issues.
Disclaimer: I have tried these methods in Spring Boot and it worked like charm.
For reference, see the logs
One should always keep one thing in mind that depending on the configuration we state in our security configuration class, the order and number of the filters in the filter chain may differ. Let's understand it by an example: http.anonymous().disable() in the class extending WebSecurityConfigurerAdapter class would exclude AnonymousAuthenticationFilter from the filter chain.
Happy Learning!! Hoping that now you would play with these debug level log and resolve your Spring Security related errors in lesser time.
Disclaimer: I have tried these methods in Spring Boot and it worked like charm.
1. Turn On the Debug Level log for Spring Framework Web & Security module
As per your convenience, set the below properties in application.yml or application.properties file.logging.level.org.springframework.security=DEBUG logging.level.org.springframework.web=DEBUG
2. More concerned about Filter Chain
If one is more concerned about Filter Chain related log information then one could also log in more granular level i.e. logging the FilterChainProxy class.#application.yml logging: level: org: springframework: security: web: FilterChainProxy: DEBUG or #application.properties logging.level.org.springframework.web.FilterChainProxy=Debug
3. Additional Filter logs specific to a particular request
If one would like to see what different filters are applied to particular request then one could also set the debug flag to true in @EnableWebSecurity annotation.@EnableWebSecurity(debug = true)
************************************************************ Request received for GET '/oauth/token': org.apache.catalina.connector.RequestFacade@2a27c195 servletPath:/oauth/token pathInfo:null headers: host: localhost:8060 connection: keep-alive upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 accept-encoding: gzip, deflate, br accept-language: en-US,en;q=0.9 cookie: _ga=GA1.1.46570692.1519211292; JSESSIONID=2BDB6DDBCD404F240AF3DB3331C25BF4 Security filter chain: [ WebAsyncManagerIntegrationFilter SecurityContextPersistenceFilter HeaderWriterFilter LogoutFilter BasicAuthenticationFilter RequestCacheAwareFilter SecurityContextHolderAwareRequestFilter AnonymousAuthenticationFilter SessionManagementFilter ExceptionTranslationFilter FilterSecurityInterceptor ] ************************************************************
Happy Learning!! Hoping that now you would play with these debug level log and resolve your Spring Security related errors in lesser time.