Luke Taylor (Migrated from SEC-1469) said:
Users are often unaware of how to debug simple things like session-creation, redirects or other simple servlet-api data. It would be possible to add a simple filter using the namespace (e.g. ) which was Spring Security aware and would detect monitor the application for inconsitent behaviour (e.g. creating sessions when the "stateless" option is set) and providing useful extra information for addition to forum posts.
Luke Taylor said:
A better option might be to always register the bean, using a name like "springSecurityDebugFilterChain". Substituting this in the web.xml file would allow the feature to be used, rather than adding an extra namespace element.
Implemented as a namespace element (). This will allow for future expansion and addition of extra features. At the moment it reports matching of requests to filter chains in a human-readable fashion, and also the creation of new sessions (with the stacktrace so that the point in the code where the session was created can be determined).
Complete for now. More features will be added in future.