Spring Boot 2 Actuator Httptrace Principal is null

Question

I have a restful web application using spring boot 2, with the actuator, and spring security.

While doing some testing, I was checking out the /httptrace path and realized that the principal was coming back as null. I'm pretty confused why that would be the case, as when I debug log the SecurityContextHolder.getContext().getAuthentication().getPrincipal() I get back my Application object, which implements UserDetails.

So I'm curious why the principal is coming back as null, when I have a principal. If there are more details I can provide to help resolve this let me know in the comments and I will include them.

{
    "traces":[
        {
            "timestamp":"2019-06-19T16:14:33.252994100Z",
            "principal":null,
            "session":null,
            "request":{
                "method":"GET",
                "uri":"http://localhost:8080/api/ims/oneroster/v1p1/orgs",
                "headers":{
                    "cookie":[
                        "JSESSIONID=095BD749...."
                    ],
                    "postman-token":[
                        "54c241d7-8810-459c-b62a-bd64e9c73e9f"
                    ],
                    "host":[
                        "localhost:8080"
                    ],
                    "connection":[
                        "keep-alive"
                    ],
                    "cache-control":[
                        "no-cache"
                    ],
                    "accept-encoding":[
                        "gzip, deflate"
                    ],
                    "user-agent":[
                        "PostmanRuntime/7.15.0"
                    ],
                    "accept":[
                        "*/*"
                    ]
                },
                "remoteAddress":null
            },
            "response":{
                "status":"200",
                "headers":{
                    "X-Frame-Options":[
                        "DENY"
                    ],
                    "Transfer-Encoding":[
                        "chunked"
                    ],
                    "Cache-Control":[
                        "no-cache, no-store, max-age=0, must-revalidate"
                    ],
                    "X-Content-Type-Options":[
                        "nosniff"
                    ],
                    "Pragma":[
                        "no-cache"
                    ],
                    "Expires":[
                        "0"
                    ],
                    "X-XSS-Protection":[
                        "1; mode=block"
                    ],
                    "Date":[
                        "Wed, 19 Jun 2019 16:14:33 GMT"
                    ],
                    "Content-Type":[
                        "application/json;charset=UTF-8"
                    ]
                }
            },
            "timeTaken":"389"
        }
    ]
}

Answer 1

By default Spring Actuator HTTP tracing only includes a subset of values. You have to configure Spring to include the principle, for example:

management.trace.http.include=principal,request-headers,response-headers,cookie-headers,time-taken,authorization-header,remote-address,session-id