Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How do I enable logging for Spring Security?

I am setting up Spring Security to handle logging users in. I have logged in as a user, and am taken to an Access Denied error page upon successful login. I don't know what roles my user has actually been assigned, or the rule that causes access to be denied, because I can't figure out how to enable debugging for the Spring Security library.

My security xml:

<?xml version="1.0" encoding="UTF-8"?> <beans ... >     <!-- security -->      <security:debug/><!-- doesn't seem to be working -->      <security:http auto-config="true">          <security:intercept-url pattern="/Admin**" access="hasRole('PROGRAMMER') or hasRole('ADMIN')"/>         <security:form-login login-page="/Load.do"             default-target-url="/Admin.do?m=loadAdminMain"             authentication-failure-url="/Load.do?error=true"             username-parameter="j_username"             password-parameter="j_password"             login-processing-url="/j_spring_security_check"/>         <security:csrf/><!-- enable Cross Site Request Forgery protection -->     </security:http>      <security:authentication-manager>         <security:authentication-provider>             <security:jdbc-user-service data-source-ref="loginDataSource"                 users-by-username-query="SELECT username, password, active FROM userinformation WHERE username = ?"                 authorities-by-username-query="                     SELECT ui.username, r.rolename                      FROM role r, userrole ur, userinformation ui                      WHERE ui.username=?                      AND ui.userinformationid = ur.userinformationid                      AND ur.roleid = r.roleid "             />             <security:password-encoder hash="md5"/>         </security:authentication-provider>     </security:authentication-manager> </beans> 

I've also tried adding log4j.logger.org.springframework.security=DEBUG to my log4j.properties

How can I get debug output for Spring Security?

like image 480
Martin Avatar asked Jun 15 '15 21:06

Martin


People also ask

How do I get a spring boot logger?

In the case of logging, the only mandatory dependency is Apache Commons Logging. We need to import it only when using Spring 4. x (Spring Boot 1. x) since it's provided by Spring Framework's spring-jcl module in Spring 5 (Spring Boot 2.

How do I enable method level security in spring?

Method-level security is implemented by placing the @PreAuthorize annotation on controller methods (actually one of a set of annotations available, but the most commonly used). This annotation contains a Spring Expression Language (SpEL) snippet that is assessed to determine if the request should be authenticated.

Which logging does spring use?

Spring Boot uses Commons Logging for all internal logging but leaves the underlying log implementation open. Default configurations are provided for Java Util Logging, Log4J2, and Logback. In each case, loggers are pre-configured to use console output with optional file output also available.


2 Answers

Assuming you're using Spring Boot, another option is to put the following in your application.properties:

logging.level.org.springframework.security=DEBUG 

This is the same for most other Spring modules as well.

If you're not using Spring Boot, try setting the property in your logging configuration, e.g. logback.

Here is the application.yml version as well:

logging:   level:     org:       springframework:         security: DEBUG 
like image 112
delucasvb Avatar answered Sep 21 '22 14:09

delucasvb


You can easily enable debugging support using an option for the @EnableWebSecurity annotation:

@EnableWebSecurity(debug = true) public class SecurityConfiguration extends WebSecurityConfigurerAdapter {     … } 
like image 37
Michael Piefel Avatar answered Sep 20 '22 14:09

Michael Piefel