Oauth2 BearerTokenAuthenticationFilter logging issue #7110

Closed
matkocsis opened this issue Jul 16, 2019 · 1 comment · Fixed by #7111
Labels: in: oauth2 (An issue in OAuth2 modules: oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose); type: enhancement (A general enhancement)


@matkocsis

Summary

BearerTokenAuthenticationFilter swallows the cause of the exception during AuthenticationException DEBUG logging.

Actual Behavior

Use case to reproduce: Configure a JWK-SET-URI over HTTPS with a self-signed cert serving the keys.
Turn on DEBUG logging for org.springframework.security.

Actual Behavior: With any given valid JWT token, the resource will be Unauthorized, and the top-level detailed message will be printed:
"Authentication request for failed: " + failed

```java
if (debug) {
    this.logger.debug("Authentication request for failed: " + failed);
}
```
In this case it would be an OAuth2AuthenticationException "Invalid Token", effectively swallowing the failed.getCause() throwable (SSL handshake ex: "PKIX path validation failed").

Expected Behavior

Should log the full stack trace at DEBUG level, in order to pinpoint any root cause exceptions.

Configuration

Version

5.2.x

Sample

@jzheaux

jzheaux commented Jul 19, 2019

Good catch, @matkocsis. Would you be willing to submit a PR to improve this?

jzheaux added the in: oauth2 and type: enhancement labels and removed the status: waiting-for-triage label on Jul 19, 2019
jzheaux self-assigned this on Jul 19, 2019
jzheaux added this to the 5.2.0.M4 milestone on Jul 19, 2019
kostya05983 pushed a commit to kostya05983/spring-security that referenced this issue Aug 26, 2019
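
The logging behaviour reported in this issue, reproduced as an added example that is not part of the original thread or of Spring Security's code. It assumes a plain JDK: `InvalidTokenException` is a hypothetical stand-in for `OAuth2AuthenticationException`, `java.util.logging` at `FINE` stands in for the filter's DEBUG logger, and the failure chain is constructed to mirror the report.

```java
import java.io.ByteArrayOutputStream;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.logging.SimpleFormatter;
import java.util.logging.StreamHandler;
import javax.net.ssl.SSLHandshakeException;

public class CauseLoggingDemo {
    // Hypothetical stand-in for OAuth2AuthenticationException so the example
    // runs without Spring Security on the classpath.
    static class InvalidTokenException extends RuntimeException {
        InvalidTokenException(String message, Throwable cause) {
            super(message, cause);
        }
    }

    // Logs one FINE (debug-level) record and returns the formatted output.
    static String render(boolean passThrowable, Throwable failed) {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        StreamHandler handler = new StreamHandler(out, new SimpleFormatter());
        handler.setLevel(Level.FINE);
        Logger logger = Logger.getAnonymousLogger();
        logger.setUseParentHandlers(false);
        logger.setLevel(Level.FINE);
        logger.addHandler(handler);
        if (passThrowable) {
            // Throwable passed separately: the formatter prints the stack trace and each "Caused by:".
            logger.log(Level.FINE, "Authentication request for failed: ", failed);
        } else {
            // Pattern from the issue: concatenation calls failed.toString(), which omits the cause.
            logger.fine("Authentication request for failed: " + failed);
        }
        handler.flush();
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed chain: "Invalid Token" wrapping the TLS failure from the report.
        Throwable failed = new InvalidTokenException("Invalid Token",
                new SSLHandshakeException("PKIX path validation failed"));
        String concatenated = render(false, failed);
        String withThrowable = render(true, failed);
        System.out.println(concatenated);
        System.out.println(withThrowable);
        System.out.println("cause visible (concatenated): " + concatenated.contains("PKIX"));
        System.out.println("cause visible (throwable arg): " + withThrowable.contains("PKIX"));
    }
}
```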