Search code examples
web-servicessoapspring-securitybasic-authentication

DEBUG [FilterSecurityInterceptor] Previously Authenticated

I am developing a soap web service using https channel. The user credentials and roles are defined in a property file.

<security:http  authentication-manager-ref="basicauthenticationManager" pattern="/webservice" entry-point-ref="basicAuthEntryPoint" access-denied-page="/WEB-INF/views/ws404.html" use-expressions="true">
    <security:intercept-url pattern="/webservice/*" access="hasAnyRole('ROLE_USER')"  requires-channel="https"/>
    <security:intercept-url pattern="/webservice" access="hasAnyRole('ROLE_USER')" requires-channel="https"/>
    <security:custom-filter ref="basicAuthenticationFilter" after="BASIC_AUTH_FILTER" />
</security:http>



<security:authentication-manager id="basicauthenticationManager">
   <security:authentication-provider >
        <security:user-service properties="classpath:users.properties">             
        </security:user-service>        
   </security:authentication-provider>
</security:authentication-manager>

When I call the web service only once I dont get any DEBUG error message but when called in a loop get the following error

ERROR

11:53:13,721 DEBUG [FilterSecurityInterceptor] Previously Authenticated: org.springframework.security.authenti cation.AnonymousAuthenticationToken@90556c3e: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticate d: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@1de6: RemoteIpAddre ss: 10.11.160.39; SessionId: null; Granted Authorities: ROLE_ANONYMOUS 11:53:13,722 DEBUG [AffirmativeBased] Voter: org.springframework.security.web.access.expression.WebExpressionV oter@19c0b5c, returned: -1 11:53:13,723 DEBUG [ExceptionTranslationFilter] Access is denied (user is anonymous); redirecting to authentic ation entry point org.springframework.security.access.AccessDeniedException: Access is denied at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:83) at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(Abstract SecurityInterceptor.java:205)

The server processes the request successfully, how can I suppress or avoid this DEBUG message.

Solution

  • As explained in the Spring Security FAQ, this isn't an error, it's logged at debug level.

    If you want to suppress it just disable debug-level logging for the Spring Security package. For example, if you are using logback for logging (as used in the Spring Security sample applications, change DEBUG to INFO on this line.