search

spring-attic / spring-security-javaconfig

Spring Security Java Configuration Support (to be merged with spring-security-config)
175 stars 121 forks source link

Omit full stack trace in WebSecurityConfigurerAdapter's authenticationManager method #137

Closed dimalinux closed 11 years ago

dimalinux commented 11 years ago

When extending WebSecurityConfigurerAdapter for an OpenID security configuration, the message below is expected behavior. Given that it's expected, at least in some cases, it would be nice if it didn't show the stack trace.

Feel free to reject this request. I'll just turn of debug logging for now.

The stack trace below is from the openid sample:

10:15:23.843 [Test worker] DEBUG o.s.s.s.c.SecurityConfig$$EnhancerByCGLIB$$ab013fad - The AuthenticationManager was not found. This is ok for now as it may not be required.
org.springframework.beans.factory.NoSuchBeanDefinitionException: No qualifying bean of type [org.springframework.security.authentication.AuthenticationManager] is defined
        at org.springframework.beans.factory.support.DefaultListableBeanFactory.getBean(DefaultListableBeanFactory.java:296) [spring-beans-3.2.3.RELEASE.jar:3.2.3.RELEASE]
        at org.springframework.context.support.AbstractApplicationContext.getBean(AbstractApplicationContext.java:1125) [spring-context-3.2.3.RELEASE.jar:3.2.3.RELEASE]
        at org.springframework.security.config.annotation.web.WebSecurityConfigurerAdapter.authenticationManager(WebSecurityConfigurerAdapter.java:191) [spring-security-javaconfig-1.0.0.CI-SNAPSHOT.jar:1.0.0.CI-SNAPSHOT]
        at org.springframework.security.config.annotation.web.WebSecurityConfigurerAdapter.getHttp(WebSecurityConfigurerAdapter.java:138) [spring-security-javaconfig-1.0.0.CI-SNAPSHOT.jar:1.0.0.CI-SNAPSHOT]
        at org.springframework.security.config.annotation.web.WebSecurityConfigurerAdapter.init(WebSecurityConfigurerAdapter.java:241) [spring-security-javaconfig-1.0.0.CI-SNAPSHOT.jar:1.0.0.CI-SNAPSHOT]
        at org.springframework.security.config.annotation.web.WebSecurityConfigurerAdapter.init(WebSecurityConfigurerAdapter.java:41) [spring-security-javaconfig-1.0.0.CI-SNAPSHOT.jar:1.0.0.CI-SNAPSHOT]
        at org.springframework.security.samples.config.SecurityConfig$$EnhancerByCGLIB$$ab013fad.init() [spring-core-3.2.3.RELEASE.jar:na]
        at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.init(AbstractConfiguredSecurityBuilder.java:233) [spring-security-javaconfig-1.0.0.CI-SNAPSHOT.jar:1.0.0.CI-SNAPSHOT]
        at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.doBuild(AbstractConfiguredSecurityBuilder.java:186) [spring-security-javaconfig-1.0.0.CI-SNAPSHOT.jar:1.0.0.CI-SNAPSHOT]
        at org.springframework.security.config.annotation.AbstractSecurityBuilder.build(AbstractSecurityBuilder.java:38) [spring-security-javaconfig-1.0.0.CI-SNAPSHOT.jar:1.0.0.CI-SNAPSHOT]
        at org.springframework.security.config.annotation.web.WebSecurityConfiguration.springSecurityFilterChain(WebSecurityConfiguration.java:88) [spring-security-javaconfig-1.0.0.CI-SNAPSHOT.jar:1.0.0.CI-SNAPSHOT]
        at org.springframework.security.config.annotation.web.WebSecurityConfiguration$$EnhancerByCGLIB$$14a031a1.CGLIB$springSecurityFilterChain$5() [spring-core-3.2.3.RELEASE.jar:1.0.0.CI-SNAPSHOT]
        at org.springframework.security.config.annotation.web.WebSecurityConfiguration$$EnhancerByCGLIB$$14a031a1$$FastClassByCGLIB$$536ea450.invoke() [spring-core-3.2.3.RELEASE.jar:1.0.0.CI-SNAPSHOT]
        at org.springframework.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:228) [spring-core-3.2.3.RELEASE.jar:3.2.3.RELEASE]
        at org.springframework.context.annotation.ConfigurationClassEnhancer$BeanMethodInterceptor.intercept(ConfigurationClassEnhancer.java:286) [spring-context-3.2.3.RELEASE.jar:3.2.3.RELEASE]
        at org.springframework.security.config.annotation.web.WebSecurityConfiguration$$EnhancerByCGLIB$$14a031a1.springSecurityFilterChain() [spring-core-3.2.3.RELEASE.jar:1.0.0.CI-SNAPSHOT]
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.7.0_21]
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) ~[na:1.7.0_21]
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.7.0_21]
        at java.lang.reflect.Method.invoke(Method.java:601) ~[na:1.7.0_21]
        at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:160) [spring-beans-3.2.3.RELEASE.jar:3.2.3.RELEASE]
        at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:570) [spring-beans-3.2.3.RELEASE.jar:3.2.3.RELEASE]
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateUsingFactoryMethod(AbstractAutowireCapableBeanFactory.java:1025) [spring-beans-3.2.3.RELEASE.jar:3.2.3.RELEASE]
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:921) [spring-beans-3.2.3.RELEASE.jar:3.2.3.RELEASE]
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:487) [spring-beans-3.2.3.RELEASE.jar:3.2.3.RELEASE]
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:458) [spring-beans-3.2.3.RELEASE.jar:3.2.3.RELEASE]
        at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:295) [spring-beans-3.2.3.RELEASE.jar:3.2.3.RELEASE]
        at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:223) [spring-beans-3.2.3.RELEASE.jar:3.2.3.RELEASE]
        at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:292) [spring-beans-3.2.3.RELEASE.jar:3.2.3.RELEASE]
        at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:194) [spring-beans-3.2.3.RELEASE.jar:3.2.3.RELEASE]
        at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:626) [spring-beans-3.2.3.RELEASE.jar:3.2.3.RELEASE]
        at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:932) [spring-context-3.2.3.RELEASE.jar:3.2.3.RELEASE]
        at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:479) [spring-context-3.2.3.RELEASE.jar:3.2.3.RELEASE]
        at org.springframework.test.context.web.AbstractGenericWebContextLoader.loadContext(AbstractGenericWebContextLoader.java:128) [spring-test-3.2.3.RELEASE.jar:3.2.3.RELEASE]
        at org.springframework.test.context.web.AbstractGenericWebContextLoader.loadContext(AbstractGenericWebContextLoader.java:60) [spring-test-3.2.3.RELEASE.jar:3.2.3.RELEASE]
        at org.springframework.test.context.support.AbstractDelegatingSmartContextLoader.delegateLoading(AbstractDelegatingSmartContextLoader.java:100) [spring-test-3.2.3.RELEASE.jar:3.2.3.RELEASE]
        at org.springframework.test.context.support.AbstractDelegatingSmartContextLoader.loadContext(AbstractDelegatingSmartContextLoader.java:248) [spring-test-3.2.3.RELEASE.jar:3.2.3.RELEASE]
        at org.springframework.test.context.CacheAwareContextLoaderDelegate.loadContextInternal(CacheAwareContextLoaderDelegate.java:64) [spring-test-3.2.3.RELEASE.jar:3.2.3.RELEASE]
        at org.springframework.test.context.CacheAwareContextLoaderDelegate.loadContext(CacheAwareContextLoaderDelegate.java:91) [spring-test-3.2.3.RELEASE.jar:3.2.3.RELEASE]
        at org.springframework.test.context.TestContext.getApplicationContext(TestContext.java:122) [spring-test-3.2.3.RELEASE.jar:3.2.3.RELEASE]
        at org.springframework.test.context.web.ServletTestExecutionListener.setUpRequestContextIfNecessary(ServletTestExecutionListener.java:105) [spring-test-3.2.3.RELEASE.jar:3.2.3.RELEASE]
        at org.springframework.test.context.web.ServletTestExecutionListener.prepareTestInstance(ServletTestExecutionListener.java:74) [spring-test-3.2.3.RELEASE.jar:3.2.3.RELEASE]
        at org.springframework.test.context.TestContextManager.prepareTestInstance(TestContextManager.java:312) [spring-test-3.2.3.RELEASE.jar:3.2.3.RELEASE]
        at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.createTest(SpringJUnit4ClassRunner.java:211) [spring-test-3.2.3.RELEASE.jar:3.2.3.RELEASE]
        at org.springframework.test.context.junit4.SpringJUnit4ClassRunner$1.runReflectiveCall(SpringJUnit4ClassRunner.java:288) [spring-test-3.2.3.RELEASE.jar:3.2.3.RELEASE]
        at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:15) [junit-4.8.jar:na]
        at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.methodBlock(SpringJUnit4ClassRunner.java:284) [spring-test-3.2.3.RELEASE.jar:3.2.3.RELEASE]
        at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.runChild(SpringJUnit4ClassRunner.java:231) [spring-test-3.2.3.RELEASE.jar:3.2.3.RELEASE]
        at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.runChild(SpringJUnit4ClassRunner.java:88) [spring-test-3.2.3.RELEASE.jar:3.2.3.RELEASE]
        at org.junit.runners.ParentRunner$3.run(ParentRunner.java:193) [junit-4.8.jar:na]
        at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:52) [junit-4.8.jar:na]
        at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:191) [junit-4.8.jar:na]
        at org.junit.runners.ParentRunner.access$000(ParentRunner.java:42) [junit-4.8.jar:na]
        at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:184) [junit-4.8.jar:na]
        at org.springframework.test.context.junit4.statements.RunBeforeTestClassCallbacks.evaluate(RunBeforeTestClassCallbacks.java:61) [spring-test-3.2.3.RELEASE.jar:3.2.3.RELEASE]
        at org.springframework.test.context.junit4.statements.RunAfterTestClassCallbacks.evaluate(RunAfterTestClassCallbacks.java:71) [spring-test-3.2.3.RELEASE.jar:3.2.3.RELEASE]
        at org.junit.runners.ParentRunner.run(ParentRunner.java:236) [junit-4.8.jar:na]
        at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.run(SpringJUnit4ClassRunner.java:174) [spring-test-3.2.3.RELEASE.jar:3.2.3.RELEASE]
        at org.gradle.api.internal.tasks.testing.junit.JUnitTestClassExecuter.runTestClass(JUnitTestClassExecuter.java:80) [gradle-plugins-1.6.jar:1.6]
        at org.gradle.api.internal.tasks.testing.junit.JUnitTestClassExecuter.execute(JUnitTestClassExecuter.java:47) [gradle-plugins-1.6.jar:1.6]
        at org.gradle.api.internal.tasks.testing.junit.JUnitTestClassProcessor.processTestClass(JUnitTestClassProcessor.java:69) [gradle-plugins-1.6.jar:1.6]
        at org.gradle.api.internal.tasks.testing.SuiteTestClassProcessor.processTestClass(SuiteTestClassProcessor.java:49) [gradle-plugins-1.6.jar:1.6]
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.7.0_21]
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) ~[na:1.7.0_21]
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.7.0_21]
        at java.lang.reflect.Method.invoke(Method.java:601) ~[na:1.7.0_21]
        at org.gradle.messaging.dispatch.ReflectionDispatch.dispatch(ReflectionDispatch.java:35) [gradle-messaging-1.6.jar:1.6]
        at org.gradle.messaging.dispatch.ReflectionDispatch.dispatch(ReflectionDispatch.java:24) [gradle-messaging-1.6.jar:1.6]
        at org.gradle.messaging.dispatch.ContextClassLoaderDispatch.dispatch(ContextClassLoaderDispatch.java:32) [gradle-messaging-1.6.jar:1.6]
        at org.gradle.messaging.dispatch.ProxyDispatchAdapter$DispatchingInvocationHandler.invoke(ProxyDispatchAdapter.java:93) [gradle-messaging-1.6.jar:1.6]
        at com.sun.proxy.$Proxy2.processTestClass(Unknown Source) [na:na]
        at org.gradle.api.internal.tasks.testing.worker.TestWorker.processTestClass(TestWorker.java:103) [gradle-plugins-1.6.jar:1.6]
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.7.0_21]
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) ~[na:1.7.0_21]
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.7.0_21]
        at java.lang.reflect.Method.invoke(Method.java:601) ~[na:1.7.0_21]
        at org.gradle.messaging.dispatch.ReflectionDispatch.dispatch(ReflectionDispatch.java:35) [gradle-messaging-1.6.jar:1.6]
        at org.gradle.messaging.dispatch.ReflectionDispatch.dispatch(ReflectionDispatch.java:24) [gradle-messaging-1.6.jar:1.6]
        at org.gradle.messaging.remote.internal.hub.MessageHub$Handler.run(MessageHub.java:355) [gradle-messaging-1.6.jar:1.6]
        at org.gradle.internal.concurrent.DefaultExecutorFactory$StoppableExecutorImpl$1.run(DefaultExecutorFactory.java:66) [gradle-base-services-1.6.jar:1.6]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [na:1.7.0_21]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [na:1.7.0_21]
        at java.lang.Thread.run(Thread.java:722) [na:1.7.0_21]

Thanks, Dmitry

rwinch commented 11 years ago

I'm not convinced one way or another on this so feel free to discuss. I have the stacktrace in there so that you can see it when you are trying to figure out what went wrong. In some instances, that stack trace may be relevant to figuring out what went wrong (but only the engineer will know). For example, if later on the AuthenticationManager was null because Spring Security was unable to obtain an AuthenticationManager another way and your code required the AuthenticationManager you might want to see that stack trace.

dimalinux commented 11 years ago

I understand the problem better after trying to disable the message. My logging config was already weeding anything below "INFO" for "org.springframework.security". CGLIB is distorting who actually emitted the message. In order to get rid of the stack trace, you have to raise the log level of the config class that extends WebSecurityConfigurerAdapter.

rwinch commented 11 years ago

This seems that part of the issue is that I am using getClass() for creating the logger. While this is quite common throughout Spring, I wonder if changing this to WebSecurityConfigurerAdapter.class would be sufficient. This would make disabling logging for that logger much easier. What are your thoughts? Does this seem like a reasonable compromise?

dimalinux commented 11 years ago

I like that solution. As it turns out, I never would have seen the stack trace if it hadn't been logged against one of my own classes. Thanks!

rwinch commented 11 years ago

I made the logger change so closing. Thanks for bringing up this usability issue.