[英]How to get body of http request/response as log in spring security if login failed
I am trying to get log of http request/response in spring security.我正在尝试在 spring 安全性中获取 http 请求/响应的日志。 It's no problem if login is success.
登录成功是没有问题的。 But when login fails I can't get body.
但是当登录失败时,我无法获取正文。 I am using slf4j of lombok and zalando logbook library .
我正在使用 lombok 和zalando logbook library的 slf4j 。
This is my spring-security config:这是我的 spring-security 配置:
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.authorizeRequests()
.antMatchers("/test/get/**").hasAnyRole("USER")
.antMatchers("/test/get-all").hasRole("ADMIN")
.antMatchers("/test/save").hasRole("ADMIN")
.and()
.formLogin()
.permitAll()
.and()
.httpBasic();
}
If login success I get such logs (There is body of response):如果登录成功,我会得到这样的日志(有响应正文):
{"origin":"local","type":"response","body":"I am saving {\"str\": \"Hello world\"\r\n}"}
If login fails I get response without body:如果登录失败,我会得到没有正文的响应:
{"origin":"local","type":"response", "X-XSS-Protection":["1; mode=block"]}}
How to get the body of response/request if login fails?如果登录失败,如何获取响应/请求的正文?
It seems that you are using formLogin()
, so you can do this:您似乎正在使用
formLogin()
,因此您可以这样做:
http
.formLogin()
.failureHandler((req, res, authentication) -> /*do whatever you want with req, res and authentication*/)
...
The AuthenticationFailureHandler
interface defines one method where you have available the HTTP request, response, and the Authentication object. AuthenticationFailureHandler
接口定义了一种方法,您可以在其中使用 HTTP 请求、响应和身份验证 object。
void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.