Enable/Disable profile specific spring security debug flag

Enable/Disable profile specific spring security debug flag

Spring security comes with a handly feature to enable debug flag to see a nice debug log as shown below to see what is happening with your application.

************************************************************


2020-04-21 21:19:16.829  INFO 12332 --- [nio-8080-exec-5] Spring Security Debugger                 :

************************************************************

Request received for GET '/images/favicon.ico':

[email protected]

servletPath:/images/favicon.ico
pathInfo:null
headers:
host: localhost:8080
connection: keep-alive
pragma: no-cache
cache-control: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36
sec-fetch-dest: image
accept: image/webp,image/apng,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
referer: http://localhost:8080/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9,hi;q=0.8
cookie: ext_name=jaehkpjddfdgiiefcnhahapilbejohhj; JSESSIONID=B31522BDCCAA126406166C25DBE9DE96; sub_pop=1587484276805


Security filter chain: [] empty (bypassed by security='none')


************************************************************

You can control this feature from your bean configuration code

@Configuration
@EnableWebSecurity(debug = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter 

Still, you may want to control it from application.properties files for some profiles. Like I want to keep it on for dev only.

org.springframework.security.config.annotation.web.builders.WebSecurity.debugEnabled=true

Leave a Reply

Your email address will not be published. Required fields are marked *