How to get body of http request/response as log in spring security if login failed

Question

I am trying to get log of http request/response in spring security. It's no problem if login is success. But when login fails I can't get body. I am using slf4j of lombok and zalando logbook library .

This is my spring-security config:

 @Override
protected void configure(HttpSecurity http) throws Exception {
    http
            .csrf().disable()
            .authorizeRequests()
            .antMatchers("/test/get/**").hasAnyRole("USER")
            .antMatchers("/test/get-all").hasRole("ADMIN")
            .antMatchers("/test/save").hasRole("ADMIN")
            .and()
            .formLogin()
            .permitAll()
            .and()
            .httpBasic();
}

If login success I get such logs (There is body of response):

{"origin":"local","type":"response","body":"I am saving {\"str\": \"Hello world\"\r\n}"}

If login fails I get response without body:

{"origin":"local","type":"response", "X-XSS-Protection":["1; mode=block"]}}

How to get the body of response/request if login fails?

Answer 1

It seems that you are using formLogin() , so you can do this:

http
    .formLogin()
        .failureHandler((req, res, authentication) -> /*do whatever you want with req, res and authentication*/)
    ...

The AuthenticationFailureHandler interface defines one method where you have available the HTTP request, response, and the Authentication object.

void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception)