I'm trying to debug my app today but the spring boot console displays the following message:
enableLoggingRequestDetails='false': request parameters and headers will be masked to prevent unsafe logging of potentially sensitive data
Meanwhile, I want to know everything that is going on in the app.
So my question is: How can I enable logging request details in application.properties?
For Spring Boot 2.1 and below use
logging.level.org.springframework.web=DEBUG
spring.http.log-request-details=true
For Spring Boot 2.2 and above spring.http.log-request-details has been deprecated so use
logging.level.org.springframework.web=DEBUG
spring.mvc.log-request-details=true
in your application.properties if you want to see loggingRequestDetails.
From the documentation:
Whether logging of (potentially sensitive) request details at DEBUG
and TRACE level is allowed.
When using webflux and spring boot 2.3.0 the following properties can be set to log request details.
logging.level.org.springframework.web.server.adapter.HttpWebHandlerAdapter=DEBUG
spring.codec.log-request-details=true
for spring boot v2.6.2 you can use this: spring.mvc.log-request-details=true and make sure also you have logging.level.org.springframework.web=DEBUG
spring boot version is 2.2.6.RELEASE.This configuration item below helps me solve the problem.
spring.http.log-request-details=true
If you are using WebFlux turn on the enableLoggingRequestDetails='true' you can by adding:
#Configuration
#EnableWebFlux
public class WebFluxConfig implements WebFluxConfigurer {
#Override
public void configureHttpMessageCodecs(ServerCodecConfigurer configurer) {
configurer.defaultCodecs().enableLoggingRequestDetails(true);
}
}
And setting the config param:
debug:
logging.http-requests: true
logging:
level:
ROOT: INFO
org:
springframework:
web:
server:
adapter:
HttpWebHandlerAdapter: TRACE
Related
I have a spring boot app that I upgraded from v2.2.x to now be v2.4.3.
I saw in their documentation that there is a new actuator endpoint of /startup, however it does not exist when I start my app.
There is no special requirement according to their documentation here
I am using spring-boot-admin-starter-client v2.4.3 which provides spring-boot-actuator v2.4.3, and i even have management.endpoint.startup.enabled=true in my application.properties file.
Has anyone else used this version of spring boot and gotten this actuator enpoint to work?
You need to tweak startup configuration:
#SpringBootApplication
public class DemoApplication {
public static void main(String[] args) {
SpringApplication app = new SpringApplication(DemoApplication.class);
app.setApplicationStartup(new BufferingApplicationStartup(1000));
app.run(args);
}
}
In application.properties:
management.endpoints.web.exposure.include=startup
If you want to visualize startup events check out this tool I made some months ago https://spring-boot-startup-analyzer.netlify.app/ (look at the configuration instructions as you need to enable CORS on this endpoint)
May be you are using BootstrapApplicationListener which build the application context again but ignores the previous applicationStartup, so it sets the default, this is a bug in spring-cloud-context:3.0.0
I went through lots of tutorials regarding this but could not get this done.
Here is my table structure for this.
Application Profile Label prop_key value
masking dev latest test-property message
I have a cloud config server which should integrate with JDBC backend. Here is my application.properties in config server
server.port=8082
spring.application.name=masking
management.endpoints.web.exposure.include=*
spring.datasource.url=jdbc:postgresql://localhost:8000/finos?currentSchema=xlabs
spring.datasource.username=mufgdev
spring.datasource.password=XXX
spring.profiles.active=XXX
spring.cloud.config.server.jdbc.sql=SELECT prop_key,value from xlabs.properties where application=? and profile=? and label=?
spring.cloud.config.server.jdbc.order=1
With this configs if I enter http://localhost:8082/masking/dev/latest response will show the results as I want.
I want to consume properties in client side with the following configs in bootstrap.properties
spring.application.name=masking
spring.cloud.config.uri=http://localhost:8082
spring.cloud.config.label=latest
spring.cloud.config.profile=dev
And in my client side
#RestController
#RefreshScope
public class TestController {
#Value("${test-property}")
private String aConf;
#GetMapping("/message")
String message() {
String name =aConf ;
return name;
}
}
This gives java.lang.IllegalArgumentException: Could not resolve placeholder 'test-property' in value "${test-property}"
Can anyone comment on this?
Thanks.
This issue comes with the latest Spring boot release, All the above code segments steps all okay, But by default Spring has disabled bootstrap. So you have to enable them by adding
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-bootstrap</artifactId>
</dependency>
No need add for older versions of the Spring boot projects.
Spring Boot 1.5.6.RELEASE respected the basic-auth username and password as specified in my application.yml below.
I have upgraded to 2.0.0.M4 and now the application always starts with the default 'user' and randomly generated password. Basically the settings below are always completely ignored.
I saw some changes in the release note/doc specific to simplifying actuator security enabled/disabled. I didn't see anything specific to this.
Any ideas?
From my application.yml
security:
basic:
enabled: true
realm: some-service
user:
name: example_user
password: example_password
Update:
I've confirmed this functionality was just plainly taken out starting with Spring Boot 2.0.0.M4
In the appendices:
All the security.basic.* family of stuff is missing here from the M4 reference:
https://docs.spring.io/spring-boot/docs/2.0.0.M4/reference/html/common-application-properties.html
But appears here in the M3 reference:
https://docs.spring.io/spring-boot/docs/2.0.0.M3/reference/html/common-application-properties.html
I was able to temporarily downgrade to M3 to restore the previous functionality but would still appreciate some guidance on what replaced it. I just need a single hardcoded basic-auth user for this scenario. I'm aware I could use object configurations to do a much more complicated setup.
Edit 2018-01-31:
The ability to auto-configure a single user has been restored (via the spring.security.user configuration keys) starting with Spring Boot 2.0.0-RC1 (source).
Original answer:
The Spring Boot security.* properties have been deprecated starting with Spring Boot 2.0.0-M4. You can read about this in the Release Notes:
Security auto-configuration has been completely revisited: developers should read the companion blog post and refer to the Spring Boot 2.0 Security wiki page for more details about the change.
In order to restore the basic auth functionality you can register a custom WebSecurityConfigurerAdapter, like this:
#Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
#Bean
public InMemoryUserDetailsManager inMemoryUserDetailsManager() {
return new InMemoryUserDetailsManager(
User.withDefaultPasswordEncoder().username("user").password("password")
.authorities("ROLE_USER").build(),
User.withDefaultPasswordEncoder().username("admin").password("admin")
.authorities("ROLE_ACTUATOR", "ROLE_USER").build());
}
#Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.requestMatchers(EndpointRequest.to("health", "info")).permitAll()
.requestMatchers(EndpointRequest.toAnyEndpoint()).hasRole("ACTUATOR")
.requestMatchers(StaticResourceRequest.toCommonLocations()).permitAll()
.antMatchers("/**").hasRole("USER")
.and()
.cors()
.and()
.httpBasic();
}
}
(This will also configure basic auth for the Actuator endpoints)
If you additionally need to read the username and password from a .properties file, you can simply inject the values using the #Value annotation.
While updating my Spring Boot application to the latest build snapshot and I am seeing that none of the actuator endpoints are enabled by default. If I specify them to be enabled in application.properties, they show up.
1) Is this behavior intended? I tried searching for an issue to explain it but couldn't find one. Could somebody link me to the issue / documentation?
2) Is there a way to enable all the actuator endpoints? I often find myself using them during development and would rather not maintain a list of them inside my properties file.
Two parts to this answer:
"Is there a way to enable all the actuator endpoints?"
Add this property endpoints.enabled=true rather than enabling them individually with endpoints.info.enabled=true, endpoints.beans.enabled=true etc
Update: for Spring Boot 2.x the relevant property is:
endpoints.default.web.enabled=true
"Is this behavior intended?"
Probably not. Sounds like you might have spotted an issue with the latest milestone. If you have a reproducible issue with a Spring Boot milestone then Spring's advice is ...
Reporting Issues
Spring Boot uses GitHub’s integrated issue tracking system to record bugs and feature requests. If you want to raise an issue, please follow the recommendations below:
Before you log a bug, please search the issue tracker to see if someone has already reported the problem.
If the issue doesn’t already exist, create a new issue.
Even if we enable all the actuator endpoints as below
management.endpoints.web.exposure.include=* (In case of YAML the star character should be surrounded by double quotes as "*" because star is one of the special characters in YAML syntax)
The httptrace actuator endpoint will still not be enabled in web by default. HttpTraceRepository interface need to be implemented to enable httptrace (See Actuator default endpoints, Actuator endpoints, Actuator httptrace).
#Component
public class CustomHttpTraceRepository implements HttpTraceRepository {
AtomicReference<HttpTrace> lastTrace = new AtomicReference<>();
#Override
public List<HttpTrace> findAll() {
return Collections.singletonList(lastTrace.get());
}
#Override
public void add(HttpTrace trace) {
if ("GET".equals(trace.getRequest().getMethod())) {
lastTrace.set(trace);
}
}
}
Now the endpoints can be accessed using the url,
http://localhost:port/actuator/respective-actuator-endpoint
(Example http://localhost:8081/actuator/httptrace)
If there is a management.servlet.context-path value present in properties file then the URL will be,
http://localhost:port/<servlet-context-path>/respective-actuator-endpoint
(Example http://localhost:8081/management-servlet-context-path-value/httptrace)
UPDATE: use this only in dev environment, not in production!
Is there a way to enable all the actuator endpoints?
Using Spring Boot 2.2.2 Release, this worked for me:
On the file src/main/resources/application.properties add this:
management.endpoints.web.exposure.include=*
To check enabled endpoints go to http://localhost:8080/actuator
Source: docs.spring.io
What I want to do
Create two (different) endpoints using Spring Boot Actuator
My environment
Spring Boot 1.4.2
spring-boot-starter-actuator embedded in Spring Boot 1.4.2
Detail
I'm creating a Web app using Spring Boot and will need to create two separated endpoints: one for just checking application health including the app's DB connection and so on (This will be realized by the default behavior of "/health") and the other for just checking if the app is ready for accepting HTTP requests (say "/httpcheck").
To implement health check feature, I guess it's the fastest way to use Spring Boot Actuator (by default, /health is mapped to health check endpoint).
I also understand we can configure this endpoint by extending AbstractHealthIndicator (so that it will include DB health check).
But as far as I could see, I could not find a way to create more than one endpoints to do different health checks.
Do you have any ideas?
Thanks in advance.
Thanks for your answer.
Actually, I dealt with this problem by implementing a new endpoint (/httpcheck) to simply check if its HTTP stack works well or not.
HttpCheckEndpoint.java
#Component
#ConfigurationProperties(prefix = "endpoints.httpcheck") // Specifies the prefix on application.yml
public class HttpCheckEndpoint extends AbstractMvcEndpoint {
public HttpCheckEndpoint() {
super("/httpcheck", false);
}
/**
* Check if simply the app can connect to their own HTTP stack and return 200 OK.
* <ul>
* <li>Method: GET, HEAD, POST, PUT, PATCH, DELETE, OPTIONS</li>
* <li>Endpoint: "/httpcheck"</li>
* </ul>
*/
#RequestMapping
#ResponseBody
public ResponseEntity<String> checkHttpConnecton() {
if (!isEnabled()) {
return new ResponseEntity<String>("", HttpStatus.NOT_FOUND);
} else {
return new ResponseEntity<String>("{\"status\": \"UP\"}", HttpStatus.OK);
}
}
}
application.yml
endpoints:
enabled: false # Default enabled/disabled on endpoints on Spring Boot Actuator
health: # Health check (already prepared in Spring Boot Actuator)
enabled: true
httpcheck: # Simple HTTP connection check (newly created by myself)
enabled: true
I've confirmed it worked well, although not sure if it's the best solution...
Solution
You can use Jolokia end points in your Spring-boot application and get it registered with o.s.b.a.e.jmx.EndpointMBeanExporter along with your Actuator Plugins.
<dependency>
<groupId>org.jolokia</groupId>
<artifactId>jolokia-core</artifactId>
<version>1.2.2</version>
</dependency>
Jolokia Configurations in application.properties
jolokia.config.debug=true
endpoints.jolokia.enabled=true