Currently using Spring Boot 2.0.1 with Spring Security 5.0.4 for a reactive application.
The problem is I don't get any Spring Security log at all.
Extra details:
I have "logging.level.org.springframework.security=DEBUG" in the application.properties. The loggers actuator proves this.
Spring Security is correctly enabled since unauthenticated accesses correctly return 401 status.
For imperative Spring Boot 2.0.1 applications, I correctly get Spring Security logs.
Am I missing something? How do I enable Spring Security 5 logs in a reactive application (preferably using properties instead of code)?
Thank you for your time.
Update 1: uplodaded a MWE in https://github.com/fbeaufume/webflux-security-sample
Update 2: the Spring Security configuration of my app is based on http://www.baeldung.com/spring-security-5-reactive (probably deprecated since it uses Spring Boot 2.0.0.M6) but does not work yet.
Update 3: when using code from https://github.com/spring-projects/spring-boot/tree/v2.0.1.RELEASE/spring-boot-samples/spring-boot-sample-secure-webflux then Spring Security works but still no logs
Spring security logging for webflux reactive apps is now available starting with version 5.4.0-M2 (as mentionned by @bzhu in comment How do I enable logging for Spring Security?)
Until this gets into a GA release, here is how to get this milestone release in gradle
repositories {
mavenCentral()
if (!version.endsWith('RELEASE')) {
maven { url "https://repo.spring.io/milestone" }
}
}
// Force earlier milestone release to get securing logging preview
// https://docs.spring.io/spring-security/site/docs/current/reference/html5/#getting-gradle-boot
ext['spring-security.version']='5.4.0-M2'
dependencyManagement {
imports {
mavenBom "org.springframework.cloud:spring-cloud-dependencies:${springCloudVersion}"
}
}