Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
1.5k views
in Technique[技术] by (71.8m points)

debugging - How do I enable logging for Spring Security?

I am setting up Spring Security to handle logging users in. I have logged in as a user, and am taken to an Access Denied error page upon successful login. I don't know what roles my user has actually been assigned, or the rule that causes access to be denied, because I can't figure out how to enable debugging for the Spring Security library.

My security xml:

<?xml version="1.0" encoding="UTF-8"?>
<beans ... >
    <!-- security -->

    <security:debug/><!-- doesn't seem to be working -->

    <security:http auto-config="true">

        <security:intercept-url pattern="/Admin**" access="hasRole('PROGRAMMER') or hasRole('ADMIN')"/>
        <security:form-login login-page="/Load.do"
            default-target-url="/Admin.do?m=loadAdminMain"
            authentication-failure-url="/Load.do?error=true"
            username-parameter="j_username"
            password-parameter="j_password"
            login-processing-url="/j_spring_security_check"/>
        <security:csrf/><!-- enable Cross Site Request Forgery protection -->
    </security:http>

    <security:authentication-manager>
        <security:authentication-provider>
            <security:jdbc-user-service data-source-ref="loginDataSource"
                users-by-username-query="SELECT username, password, active FROM userinformation WHERE username = ?"
                authorities-by-username-query="
                    SELECT ui.username, r.rolename 
                    FROM role r, userrole ur, userinformation ui 
                    WHERE ui.username=? 
                    AND ui.userinformationid = ur.userinformationid 
                    AND ur.roleid = r.roleid "
            />
            <security:password-encoder hash="md5"/>
        </security:authentication-provider>
    </security:authentication-manager>
</beans>

I've also tried adding log4j.logger.org.springframework.security=DEBUG to my log4j.properties

How can I get debug output for Spring Security?

Question&Answers:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

Assuming you're using Spring Boot, another option is to put the following in your application.properties:

logging.level.org.springframework.security=DEBUG

This is the same for most other Spring modules as well.

If you're not using Spring Boot, try setting the property in your logging configuration, e.g. logback.

Here is the application.yml version as well:

logging:
  level:
    org:
      springframework:
        security: DEBUG

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...