Reputation: 71
Disable Spring Security Logging
We are using Custom Filter to do our authentication.
Our Custom Filter extends from BasicAuthenticationFilter. We are using only Basic Authentication In our application. We did it like that, because we wanted to handle different authentication scenarios in our authentication entry point.
Whenever an API is invoked our Filter kicks in, which is causing lot of logs to be printed on console. These logs are itself coming from the BasicAuthenticationFilter.class (Which our Filter has extended)
if (this.authenticationIsRequired(username)) {
UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username, tokens[1]);
authRequest.setDetails(this.authenticationDetailsSource.buildDetails(request));
Authentication authResult = this.authenticationManager.authenticate(authRequest);
if (debug) {
this.logger.debug("Authentication success: " + authResult);
}
SecurityContextHolder.getContext().setAuthentication(authResult);
this.rememberMeServices.loginSuccess(request, response, authResult);
this.onSuccessfulAuthentication(request, response, authResult);
}
Is it possible to avoid this logging, without having to actually override the function.
Upvotes: 1
Views: 3635
Answers (2)
Reputation: 6216
In springboot the logging level can be set as TRACE, DEBUG, INFO, WARN, ERROR, FATAL, or OFF. Setting the following in application.yml or application.properties can configure the root logger level :
logging.level.root=warn
Apart from that springboot also allows setting logging levels according to the group or class.
It’s often useful to be able to group related loggers together so that they can all be configured at the same time. For example, you might commonly change the logging levels for all Tomcat related loggers, but you can’t easily remember top level packages.
To help with this, Spring Boot allows you to define logging groups in your Spring Environment. For example, here’s how you could define a “tomcat” group by adding it to your application.properties:
logging.group.tomcat=org.apache.catalina, org.apache.coyote, org.apache.tomcat
Actually springbobot provides us the capability to set the logging levels for classes. So in your case you could set the logging level for your Filter class as ERROR so that unwanted logs are not generated from it or set it to OFF. Another way is to turn off logging for your entire spring security group(this is not recommended as you may loose a lot of logs that might be useful) :
logging.level.com.security.BasicAuthenticationFilter=ERROR
Read Doc
Upvotes: 3
Reputation: 2340
There are multiple ways to handle same
From command line
-Dlogging.level.org.springframework.security.web.authentication.www=OFF
From Logger configuration
you can set various log level to different classes, turn off logging for desired class
As per Spring page here 26.4 Log Levels
All the supported logging systems can have the logger levels set in the Spring Environment (for example, in application.properties) by using logging.level.= where level is one of TRACE, DEBUG, INFO, WARN, ERROR, FATAL, or OFF. The root logger can be configured by using logging.level.root.
Read the tutorial in details here
Upvotes: 2
Related Questions
- Spring boot Security Disable security
- How do I enable logging for Spring Security?
- How to disable console logging in spring-boot?
- Spring boot - Cannot turn off logging
- Disable automatic logging configuration in spring boot
- Spring boot: disable security auto configuration
- Removing a log from Spring Security authentication logging
- How can I disable Spring Boot logging configuration?
- Spring Boot and Logback: Disable a logger
- How to disable spring security logging