如何为 Spring Security 启用日志记录? [英] How do I enable logging for Spring Security?

问题描述

我正在设置 Spring Security 来处理登录用户.我已以用户身份登录，并在成功登录后进入拒绝访问错误页面.我不知道我的用户实际上被分配了哪些角色，或者导致访问被拒绝的规则，因为我不知道如何为 Spring Security 库启用调试.

I am setting up Spring Security to handle logging users in. I have logged in as a user, and am taken to an Access Denied error page upon successful login. I don't know what roles my user has actually been assigned, or the rule that causes access to be denied, because I can't figure out how to enable debugging for the Spring Security library.

我的安全xml:

<?xml version="1.0" encoding="UTF-8"?>
<beans ... >
    <!-- security -->

    <security:debug/><!-- doesn't seem to be working -->

    <security:http auto-config="true">

        <security:intercept-url pattern="/Admin**" access="hasRole('PROGRAMMER') or hasRole('ADMIN')"/>
        <security:form-login login-page="/Load.do"
            default-target-url="/Admin.do?m=loadAdminMain"
            authentication-failure-url="/Load.do?error=true"
            username-parameter="j_username"
            password-parameter="j_password"
            login-processing-url="/j_spring_security_check"/>
        <security:csrf/><!-- enable Cross Site Request Forgery protection -->
    </security:http>

    <security:authentication-manager>
        <security:authentication-provider>
            <security:jdbc-user-service data-source-ref="loginDataSource"
                users-by-username-query="SELECT username, password, active FROM userinformation WHERE username = ?"
                authorities-by-username-query="
                    SELECT ui.username, r.rolename 
                    FROM role r, userrole ur, userinformation ui 
                    WHERE ui.username=? 
                    AND ui.userinformationid = ur.userinformationid 
                    AND ur.roleid = r.roleid "
            />
            <security:password-encoder hash="md5"/>
        </security:authentication-provider>
    </security:authentication-manager>
</beans>

我也尝试将 log4j.logger.org.springframework.security=DEBUG 添加到我的 log4j.properties

I've also tried adding log4j.logger.org.springframework.security=DEBUG to my log4j.properties

如何获得 Spring Security 的调试输出?

How can I get debug output for Spring Security?

推荐答案

假设您正在使用 Spring Boot，另一种选择是将以下内容放入您的 application.properties:

Assuming you're using Spring Boot, another option is to put the following in your application.properties:

logging.level.org.springframework.security=DEBUG

这对于大多数其他 Spring 模块也是一样的.

This is the same for most other Spring modules as well.

如果您不使用 Spring Boot，请尝试在日志记录配置中设置该属性，例如回滚.

If you're not using Spring Boot, try setting the property in your logging configuration, e.g. logback.

这里也是 application.yml 版本:

Here is the application.yml version as well:

logging:
  level:
    org:
      springframework:
        security: DEBUG

这篇关于如何为 Spring Security 启用日志记录?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！