Parker Drake for Focused Labs

Posted on Jan 21, 2021 • Updated on Sep 11, 2021 • Originally published at focusedlabs.io

Debugging Spring Security

#security #spring #bloggolf #todayilearned

Spring Security is hard to debug and hard to test. Make your life easier with significantly better log output by using debug = true in the EnableWebSecurity annotation:

@EnableWebSecurity(debug = true)
public class CustomConfig extends WebSecurityConfigurerAdapter {
    // your config here
}

Don't use this in production!

Top comments (2)

Michiel Hendriks • Jan 21 '21

It is better to handle this via a property in your WebSecurityConfigurerAdapter

@EnableWebSecurity
public class CustomConfig extends WebSecurityConfigurerAdapter {

    @Value("${spring.security.debug:false}")
    boolean securityDebug;

    @Override
    public void configure(WebSecurity web) throws Exception {
        web.debug(securityDebug);
    }
}

James McMahon • Jan 21 '21

Thanks for writing this one down. The information is out there of course, but I have worked with Spring Security for so long not knowing about this switch.

DEV Community

Debugging Spring Security

Top comments (2)

Read next

Terraform & HashiCorp Vault Integration: Seamless Secrets Management

Optimizing and Scaling Your AI-Powered Backend in Kotlin: Advanced Techniques

7 Frameworks, One SAML Jackson - Your Open Source Single Sign-On Solution

COMMON VULNERABILITIES: REENTRANCY PART — I