Parker Drake for Focused

Posted on Jan 21, 2021 • Updated on Sep 11, 2021 • Originally published at focusedlabs.io

Debugging Spring Security

#security #spring #bloggolf #todayilearned

Spring Security is hard to debug and hard to test. Make your life easier with significantly better log output by using debug = true in the EnableWebSecurity annotation:

@EnableWebSecurity(debug = true)
public class CustomConfig extends WebSecurityConfigurerAdapter {
    // your config here
}

Don't use this in production!

Top comments (2)

Michiel Hendriks • Jan 21 '21

It is better to handle this via a property in your WebSecurityConfigurerAdapter

@EnableWebSecurity
public class CustomConfig extends WebSecurityConfigurerAdapter {

    @Value("${spring.security.debug:false}")
    boolean securityDebug;

    @Override
    public void configure(WebSecurity web) throws Exception {
        web.debug(securityDebug);
    }
}

James McMahon • Jan 21 '21

Thanks for writing this one down. The information is out there of course, but I have worked with Spring Security for so long not knowing about this switch.

DEV Community

Debugging Spring Security

Top comments (2)

Read next

How to Ensure Your Full Stack JavaScript Apps Meet Security Standards

Opaque token vs JWT

Introducing CODE THEFT AUTO: Terraform Heists in the Cloud! 🚀

Pulsar preventing vulnerabilities #1 — polkit (CVE-2021–4034)