如何在将无效的Bearer令牌发送到后端时进行日志记录

huangapple go评论67阅读模式
英文:

How To Log When Invalid Bearer Token Is Sent To Backend

问题

我有一个使用 Jhipster 构建的后端,并且希望在请求中发送无效的身份验证 Bearer 令牌时进行日志记录。

目前在使用 Postman 时,我可以发送有效的令牌以获取所需的信息,并且日志记录如下:

latform-development/protocol/openid-connect/certs HTTP/1.1: null}{Accept: application/json, application/jwk-set+json}{User-Agent: Java/11.0.7}{Host: sso.eva-int.c
om}{Connection: keep-alive}
2020-10-14 10:11:37.630 DEBUG 4132 --- [  XNIO-1 task-1] s.n.www.protocol.http.HttpURLConnection  : sun.net.www.MessageHeader@2527b0a66 pairs: {null: HTTP/1.1 200
 OK}{Connection: keep-alive}{Cache-Control: no-cache}{Content-Type: application/json}{Content-Length: 1703}{Date: Wed, 14 Oct 2020 17:11:36 GMT}
2020-10-14 10:11:37.649 DEBUG 4132 --- [  XNIO-1 task-1] jdk.event.security                       : X509Certificate: Alg:SHA256withRSA, Serial:17251f0f612, Subjec
t:CN=platform-development, Issuer:CN=platform-development, Key type:RSA, Length:2048, Cert Id:1603036153, Valid from:5/26/20, 10:02 AM, Valid until:5/26/30, 10:04
 AM```

当我发送无效令牌时,我会收到状态码为 401 的响应,并且标头中会显示 'invalid_token',这是完全正常的,但应用程序中没有记录日志。

看起来处理此问题的代码来自 Spring Security 依赖项。是否有任何方法可以使其记录更多信息?

<details>
<summary>英文:</summary>

I have a Jhipster built backend and am looking to log when an invalid authentication Bearer token is sent with a request. 

Currently using Postman I can send a valid token to get information I need and that is logged like so:

2020-10-14 10:11:37.591 DEBUG 4132 --- [ XNIO-1 task-1] s.n.www.protocol.http.HttpURLConnection : sun.net.www.MessageHeader@77674d5d5 pairs: {GET /auth/realms/p
latform-development/protocol/openid-connect/certs HTTP/1.1: null}{Accept: application/json, application/jwk-set+json}{User-Agent: Java/11.0.7}{Host: sso.eva-int.c
om}{Connection: keep-alive}
2020-10-14 10:11:37.630 DEBUG 4132 --- [ XNIO-1 task-1] s.n.www.protocol.http.HttpURLConnection : sun.net.www.MessageHeader@2527b0a66 pairs: {null: HTTP/1.1 200
OK}{Connection: keep-alive}{Cache-Control: no-cache}{Content-Type: application/json}{Content-Length: 1703}{Date: Wed, 14 Oct 2020 17:11:36 GMT}
2020-10-14 10:11:37.649 DEBUG 4132 --- [ XNIO-1 task-1] jdk.event.security : X509Certificate: Alg:SHA256withRSA, Serial:17251f0f612, Subjec
t:CN=platform-development, Issuer:CN=platform-development, Key type:RSA, Length:2048, Cert Id:1603036153, Valid from:5/26/20, 10:02 AM, Valid until:5/26/30, 10:04
AM


When I send an invalid token I get back a response with a status of 401 and headers saying &#39;invalid_token&#39; which is perfectly fine, but nothing is logged in the application. 

It seems like the code that handles this comes from Spring Security dependency. Is there any way to have it log out more information?

</details>


# 答案1
**得分**: 2

Spring Security有自己的日志记录功能,您只需启用它。

将以下内容放入您的application.properties文件中:

```properties
logging.level.org.springframework.security=DEBUG

对于大多数其他Spring模块也是如此。

或者您可以尝试在日志配置中设置属性,例如logback。

以下是application.yml版本:

logging:
  level:
    org:
      springframework:
        security: DEBUG
英文:

Spring Security has its own logging, you just need to enable it.

Put the following in your application.properties:

logging.level.org.springframework.security=DEBUG

This is the same for most other Spring modules as well.

OR

Try setting the property in your logging configuration, e.g. logback.

Here is the application.yml version:

logging:
  level:
    org:
      springframework:
        security: DEBUG

huangapple
  • 本文由 发表于 2020年10月15日 02:48:58
  • 转载请务必保留本文链接:https://go.coder-hub.com/64359722.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定