我有一个Spring Security应用程序,它目前不会记录访问被拒绝的异常。我正在尝试弄清楚我需要在log4j配置中更改哪些设置以使访问被拒绝的异常被记录。
我目前使用默认的org.springframework.security.web.access.AccessDeniedHandlerImpl作为我的AccessDeniedHandler(有一个参数用于errorPage)。我是否需要从现有的AccessDeniedHandler创建替换或继承?或者是否有像logExceptions = true这样的设置我可以添加到AccessDeniedHandler?
或者是否需要更改一些log4j记录器设置?我目前有以下设置:
log4j.logger.org.springframework.security=WARN
答案 0 :(得分:0)
配置的日志级别太高。访问被拒绝的异常将记录在级别DEBUG中:
2018-07-18 16:15:09.802 DEBUG 30380 --- [ main] o.s.s.w.a.ExceptionTranslationFilter : Access is denied (user is not anonymous); delegating to AccessDeniedHandler
org.springframework.security.access.AccessDeniedException: Access is denied
at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:84) ~[spring-security-core-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:233) ~[spring-security-core-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:124) ~[spring-security-web-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91) ~[spring-security-web-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:119) [spring-security-web-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.0.6.RELEASE.jar:5.0.6.RELEASE]
[..]
因此添加一个org.springframework.security.web.access=DEBUG之类的日志记录规则以查看它。