Spring Security 5 logging for reactive applications

Question

Currently using Spring Boot 2.0.1 with Spring Security 5.0.4 for a reactive application.

The problem is I don't get any Spring Security log at all.

Extra details:

I have "logging.level.org.springframework.security=DEBUG" in the application.properties. The loggers actuator proves this.
Spring Security is correctly enabled since unauthenticated accesses correctly return 401 status.
For imperative Spring Boot 2.0.1 applications, I correctly get Spring Security logs.

Am I missing something? How do I enable Spring Security 5 logs in a reactive application (preferably using properties instead of code)?

Thank you for your time.

Update 1: uplodaded a MWE in https://github.com/fbeaufume/webflux-security-sample

Update 2: the Spring Security configuration of my app is based on http://www.baeldung.com/spring-security-5-reactive (probably deprecated since it uses Spring Boot 2.0.0.M6) but does not work yet.

Update 3: when using code from https://github.com/spring-projects/spring-boot/tree/v2.0.1.RELEASE/spring-boot-samples/spring-boot-sample-secure-webflux then Spring Security works but still no logs

Spring-Security logging in WebFlux is coming soon. See this issue: https://github.com/spring-projects/spring-security/issues/5758 — Ken, Aug 31 '18 at 15:09

score 1 · Accepted Answer · answered Aug 06 '20 at 16:27

Spring security logging for webflux reactive apps is now available starting with version 5.4.0-M2 (as mentionned by @bzhu in comment How do I enable logging for Spring Security?)

Until this gets into a GA release, here is how to get this milestone release in gradle

repositories {
    mavenCentral()
    if (!version.endsWith('RELEASE')) {
        maven { url "https://repo.spring.io/milestone" }
    }
}

// Force earlier milestone release to get securing logging preview
// https://docs.spring.io/spring-security/site/docs/current/reference/html5/#getting-gradle-boot
ext['spring-security.version']='5.4.0-M2'
dependencyManagement {
    imports {
        mavenBom "org.springframework.cloud:spring-cloud-dependencies:${springCloudVersion}"
    }

}

Spring Security 5 logging for reactive applications

1 Answers1