When you start developing with Spring Security you need to know that it applies some filters automatically by default and you can spend hours and days to find out why your app does not work like expected.
So it’s better to have 100% transparency to beat SpringSecutiry complexity.
What can help you dramatically is list of applied SpringSecurity filters.
To get this list, we just need to enable security debugging with:
@EnableWebSecurity(debug = true)so in result, your Security config can look like:
@Configuration
@EnableWebSecurity(debug = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
//Some code here
}Logging can be enabled in application.properties file with:
logging.level.org.springframework.security.web.FilterChainProxy=DEBUGAfter you start the application, you may see output like this:
2020-03-29 19:23:45.955 WARN 53898 --- [ main] o.s.s.c.a.web.builders.WebSecurity :
********************************************************************
********** Security debugging is enabled. *************
********** This may include sensitive information. *************
********** Do not use in a production system! *************
********************************************************************Done.