spring-security icon indicating copy to clipboard operation
spring-security copied to clipboard
verified publisher icon spring-projects

Improve logging for Global Authentication

Open Kehrlann opened this issue 1 year ago • 0 comments

Closes gh-14663

See the issue for use-case matrix.

Open questions

I'd like to draw your attention to the following:

  • [ ] Review log messages, are they appropriate?
  • [ ] Review log levels, are they appropriate?
  • [ ] The class names are too long and are truncated in the log lines. Is there something I should do?

Example log lines:

1 UserDetailsService ; INFO level:

2024-03-08T14:23:23.058+01:00  INFO 49038 --- [           main] r$InitializeUserDetailsManagerConfigurer : Global AuthenticationManager configured with UserDetailsService bean with name myUserDetailsService

2 UserDetailsService ; WARN level:

2024-03-08T14:25:11.644+01:00  WARN 49146 --- [           main] r$InitializeUserDetailsManagerConfigurer : Found 2 UserDetailsService beans, with names [myUserDetailsService, secondUserDetailsService]. Global Authentication Manager will not use a UserDetailsService for username/password login.

1 AuthenticationProvider and at least 1 UserDetailsService bean, WARN level:

2024-03-08T14:22:27.832+01:00  WARN 48979 --- [           main] r$InitializeUserDetailsManagerConfigurer : Global AuthenticationManager configured with an AuthenticationProvider bean. UserDetailsService beans will not be used for username/password login.

1 AuthenticationProvider, INFO level:

2024-03-08T14:22:27.831+01:00  INFO 48979 --- [           main] eAuthenticationProviderManagerConfigurer : Global AuthenticationManager configured with AuthenticationProvider bean with name myAuthProvider

2 AuthenticationProviders, WARN level:

2024-03-08T14:23:23.048+01:00  WARN 49038 --- [           main] eAuthenticationProviderManagerConfigurer : Found 2 AuthenticationProvider beans, with names [myAuthProvider, secondAuthProvider]. Global Authentication Manager will not be configured with AuthenticationProviders.

Interaction between the configurers

When the two configurers produce log lines, here are a few examples:

2 AuthenticationProvider, 1 UserDetailsService:

2024-03-08T14:22:27.831+01:00  INFO 48979 --- [           main] eAuthenticationProviderManagerConfigurer : Global AuthenticationManager configured with AuthenticationProvider bean with name myAuthProvider
2024-03-08T14:22:27.832+01:00  WARN 48979 --- [           main] r$InitializeUserDetailsManagerConfigurer : Global AuthenticationManager configured with an AuthenticationProvider bean. UserDetailsService beans will not be used for username/password login.

2 AuthenticationProviders, 1 UserDetailsService:

2024-03-08T14:23:23.048+01:00  WARN 49038 --- [           main] eAuthenticationProviderManagerConfigurer : Found 2 AuthenticationProvider beans, with names [myAuthProvider, secondAuthProvider]. Global Authentication Manager will not be configured with AuthenticationProviders.
2024-03-08T14:23:23.058+01:00  INFO 49038 --- [           main] r$InitializeUserDetailsManagerConfigurer : Global AuthenticationManager configured with UserDetailsService bean with name myUserDetailsService

Kehrlann avatar Mar 08 '24 13:03 Kehrlann