SEC-1469: Add a Debug/Monitoring Filter #1708

Closed
spring-issuemaster opened this Issue Apr 27, 2010 · 3 comments

1 participant

@spring-issuemaster

Luke Taylor (Migrated from SEC-1469) said:

Users are often unaware of how to debug simple things like session-creation, redirects or other simple servlet-api data. It would be possible to add a simple filter using the namespace (e.g. ) which was Spring Security aware and would detect monitor the application for inconsitent behaviour (e.g. creating sessions when the "stateless" option is set) and providing useful extra information for addition to forum posts.

@spring-issuemaster

Luke Taylor said:

A better option might be to always register the bean, using a name like "springSecurityDebugFilterChain". Substituting this in the web.xml file would allow the feature to be used, rather than adding an extra namespace element.

@spring-issuemaster

Luke Taylor said:

Implemented as a namespace element (). This will allow for future expansion and addition of extra features. At the moment it reports matching of requests to filter chains in a human-readable fashion, and also the creation of new sessions (with the stacktrace so that the point in the code where the session was created can be determined).

@spring-issuemaster

Luke Taylor said:

Complete for now. More features will be added in future.

@spring-issuemaster spring-issuemaster added this to the 3.1.0.M1 milestone Feb 5, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment