Skip to content

Give SecurityFilterChain a name for tracing! #6274

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
zidom opened this issue Dec 12, 2018 · 8 comments
Open

Give SecurityFilterChain a name for tracing! #6274

zidom opened this issue Dec 12, 2018 · 8 comments
Labels
status: ideal-for-contribution An issue that we actively are looking for someone to help us with

Comments

@zidom
Copy link

zidom commented Dec 12, 2018

Give SecurityFilterChain a name for debug tracing!
@rwinch
Copy link
Member

rwinch commented Dec 12, 2018

I do not understand the request. Can you please provide more details.

@rwinch rwinch added the status: waiting-for-feedback We need additional information before we can continue label Dec 12, 2018
@zidom zidom closed this as completed Dec 13, 2018
@zidom
Copy link
Author

zidom commented Dec 13, 2018

When there are multipleSecurityFilterChain, eachSecurityFilterChain has multiple filters, and these filters are the same or similar in most cases, during the development period, it is difficult to determine which SecurityFilterChain the request is, it is easy to confuse! Therefore, whether you can give the SecurityFilterChain a name, in the debug log with the corresponding name, I think this is very helpful for debugging and monitoring!

@zidom zidom reopened this Dec 13, 2018
@rwinch
Copy link
Member

rwinch commented Dec 14, 2018

This sounds like a reasonable idea. I think we can use the beanName which is injected using BeanNameAware interface. Would you be interested in submitting a PR?

@rwinch rwinch added status: ideal-for-contribution An issue that we actively are looking for someone to help us with and removed status: waiting-for-feedback We need additional information before we can continue labels Dec 14, 2018
@ankurpathak ankurpathak mentioned this issue Dec 15, 2018
Closed
@ankurpathak
Copy link
Contributor

ankurpathak commented Dec 15, 2018
edited
Loading

@rwinch > This sounds like a reasonable idea. I think we can use the beanName which is injected using BeanNameAware interface. Would you be interested in submitting a PR?

I have implemented BeanNameAware in DefaultSecurityFilterChain. but it won't be helping much
because I think Spring doesn't register instances of it as Bean in BeanFactory. I debugged it after
using artifacts with these changes and was getting the Bean Name as null in DefaultSecurityFilterChain.

Here is pull reuest with above changes:
#6288

ankurpathak added a commit to ankurpathak/spring-security that referenced this issue Dec 15, 2018
@ankurpathak
Support name for securityFilterChain
37fec92 
1. Implemented BeanNameAware interface in DefaultSecurityFilterChain
2. Added private field beanName for storing beanName.
3. Added method for retrieving beanName

Fixes: spring-projectsgh-6274
@rwinch
Copy link
Member

rwinch commented Dec 17, 2018

@ankurpathak I thought the request was for creating multiple FilterChainProxy instances.

I think at this point we need to understand exactly what we are looking for before we go further.

What exactly is being looked for here? The toString of DefaultSecurityFilterChain already includes the RequestMatcher used which in most cases should help the user know which one is being used.

@ankurpathak
Copy link
Contributor

ankurpathak commented Dec 18, 2018
edited
Loading

screenshot from 2018-12-18 07-52-14
@rwinch Please take a look at this scrrenshot its using Spring Boot 1.5 with Old Spring OAuth 2 Project.
It has four Spring Security Chains. The First two has Request Macher which has some path with them
so can be used in logging and Second two(created For OAuth created automatically) have Request Matcher have no path with them so can not be used in logging. So I thing name for them will help a lot.

@rwinch
Copy link
Member

rwinch commented Dec 18, 2018

I think we could add a id property to the request matcher that is then reflected in the toString. This ensures that we don't need to do instanceof checks on the DefaultSecurityFilterChain

@ankurpathak ankurpathak mentioned this issue Dec 19, 2018
Closed
@ankurpathak
Copy link
Contributor

@rwinch I think its a good idea as it will work with individual flters using RequestMatcher or any thing
else using Request Matcher. I have done changes in below pull request to accomodated it.
#6308
Let me know if it requires any modifications or changes.

ankurpathak added a commit to ankurpathak/spring-security that referenced this issue Dec 19, 2018
@ankurpathak
Better logging support by id in RequestMatcher
9ee6281 
1. Added default method getId in RequestMatcher and
marked it as FunctionalInterface
2. Created Class AbstractRequestMatcher with default
support for getId logging things
3. Implemented build in matchers using AbstractRequestMatcher
4. Changed toString methods of build in matchers to reflect
id.
5. Modified Regex and El RequestMatcher toString tests to
reflect new toString.

Fixes: spring-projectsgh-6274
@rwinch rwinch mentioned this issue Dec 19, 2018
Open
7 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
status: ideal-for-contribution An issue that we actively are looking for someone to help us with
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Better logging support by id in RequestMatcher ankurpathak/spring-security
3 participants
@rwinch @zidom @ankurpathak