我正在使用Tomcat for servlet容器,我必须每天检查catalina.out日志以进行调试。但是当一个匿名用户试图登录时,Spring Security拦截器抛出异常,它会淹没catalina.out日志文件。这样的日志:
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
at java.lang.Thread.run(Thread.java:722)
Caused by: org.springframework.security.authentication.AuthenticationCredentialsNotFoundException: An Authentication object was not found in the SecurityContext
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.credentialsNotFound(AbstractSecurityInterceptor.java:327)
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:197)
at org.springframework.flex.security3.EndpointInterceptor.preProcess(EndpointInterceptor.java:97)
at org.springframework.flex.core.MessageInterceptionAdvice.invoke(MessageInterceptionAdvice.java:62)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.springframework.aop.framework.adapter.ThrowsAdviceInterceptor.invoke(ThrowsAdviceInterceptor.java:124)
... 52 more
如何禁用Tomcat中的Spring Security日志记录?
答案 0 :(得分:3)
当日志级别设置为DEBUG并且您的过滤器链中没有AnonymousAuthenticationFilter时,您将在日志中看到AuthenticationCredentialsNotFoundException。
见FAQ。
所以我假设您在安全应用程序上下文中使用传统bean配置而不是命名空间配置。如果你想摆脱异常,你可以在你的应用程序上下文中添加anonymousAuthenticationFilter,如documentation
中所述或者,您可以转换
的日志级别org.springframework.security.level=INFO
,如question中所述。