You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When using logbook 3.9.0 with the latest Springboot 2.7.x release the HTTP error responses returned by Spring security are not part of the logs anymore.
Description
Until recently we were using logbook 2.16.0 which was working very well with our Spring servlet stack (Springboot + Spring security 2.7.18).
We recently decided to jump from logbook 2.xx.x to 3.x.x
But now the errors handled by Spring security are not logged anymore.
To be noticed that I don't have the same behaviour if I upgrade my demo project to springboot & security 3.3.x where everything works as expected.
It's not an option for us to migrate to Springboot 3.x.x at the moment.
Maybe it's a misconfiguration (or misreading of the documentation) on our side, but I already double checked and our implementation looks good to me (at least accordingly to the logbook's documentation about spring 5 and springboot-starter).
Expected Behavior
if it's an actual bug then HTTP error responses returned by Spring security should be logged by logbook.
if it's not a bug then the documentation should be improved to help the user to properly implement logbook with the stack I specified earlier (if it's still supported by the logbook team of course).
Actual Behavior
Nothing is logged when Spring Security returns 401 or 403.
Steps to Reproduce
specify logbook-spring-boot-starter & logbook-servlet (javax) version 3.9.0 into you pom.xml file as well as spring-boot-starter-parent & spring-boot-starter-security to version 2.18.0
gilles-gardet
changed the title
Logbook with SpringBoot + Spring security 2.7.x fails to log unauthorized or forbidden requests
Logbook with SpringBoot + Spring security 2.7.x fails to log unauthorized or forbidden responses
Jun 20, 2024
In order to prioritize the support for Logbook, we would like to check whether the old issues are still relevant.
This issue has not been updated for over six months.
Please check if it is still relevant in latest version of the Logbook.
If so, please add a descriptive comment to keep the issue open.
Otherwise, the issue will automatically be closed after a week.
When using logbook 3.9.0 with the latest Springboot 2.7.x release the HTTP error responses returned by Spring security are not part of the logs anymore.
Description
Until recently we were using logbook 2.16.0 which was working very well with our Spring servlet stack (Springboot + Spring security 2.7.18).
We recently decided to jump from logbook 2.xx.x to 3.x.x
But now the errors handled by Spring security are not logged anymore.
To be noticed that I don't have the same behaviour if I upgrade my demo project to springboot & security 3.3.x where everything works as expected.
It's not an option for us to migrate to Springboot 3.x.x at the moment.
Maybe it's a misconfiguration (or misreading of the documentation) on our side, but I already double checked and our implementation looks good to me (at least accordingly to the logbook's documentation about spring 5 and springboot-starter).
Expected Behavior
Actual Behavior
Nothing is logged when Spring Security returns 401 or 403.
Steps to Reproduce
logbook-spring-boot-starter
&logbook-servlet
(javax) version 3.9.0 into you pom.xml file as well asspring-boot-starter-parent
&spring-boot-starter-security
to version 2.18.0logbook.secure-filter.enabled
&logbook.filter.enabled
properties totrue
(should not be needed) into the application propertiesor
clone the given demo project and follow steps 5 to 7.
Context
Since we are not able to log HTTP errors we can't provide metrics about forbidden/unauthorized responses (without extra work).
Your Environment
The text was updated successfully, but these errors were encountered: