Observability #11906
Observability #11906
Conversation
jzheaux
added
in: core
jzheaux
force-pushed
the
observability
branch
3 times, most recently
from
c0f75d7 to
20d9480
Compare
...in/java/org/springframework/security/authentication/AuthenticationObservationConvention.java
Outdated
Show resolved
Hide resolved
...in/java/org/springframework/security/authentication/AuthenticationObservationConvention.java
Outdated
Show resolved
Hide resolved
.../main/java/org/springframework/security/authentication/ObservationAuthenticationManager.java
Outdated
Show resolved
Hide resolved
.../main/java/org/springframework/security/authentication/ObservationAuthenticationManager.java
Outdated
Show resolved
Hide resolved
...va/org/springframework/security/authentication/ObservationReactiveAuthenticationManager.java
Outdated
Show resolved
Hide resolved
...main/java/org/springframework/security/authorization/AuthorizationObservationConvention.java
Outdated
Show resolved
Hide resolved
web/src/main/java/org/springframework/security/web/AroundFilterObservation.java
Outdated
Show resolved
Hide resolved
web/src/main/java/org/springframework/security/web/AroundFilterObservation.java
Outdated
Show resolved
Hide resolved
web/src/main/java/org/springframework/security/web/FilterChainProxy.java
Outdated
Show resolved
Hide resolved
| @@ -147,6 +154,12 @@ public class FilterChainProxy extends GenericFilterBean { | |||
|
|
|||
| private static final String FILTER_APPLIED = FilterChainProxy.class.getName().concat(".APPLIED"); | |||
|
|
|||
| static final String REQUEST_OBSERVATION_NAME = "http.requests"; | |||
|
|
|||
| static final String UNSECURED_OBSERVATION_NAME = "http.unsecured.requests"; | |||
There was a problem hiding this comment.
Can we match these to what MVC uses, like http.server.requests.secured and http.server.requests.unsecured?
There was a problem hiding this comment.
I'd prefer to have a simple way to turn all Spring Security observations off. Not that it can't be done another way, but right now I've just updated the PR so that all start with spring.security.. In this way, an application can create a very simple predicate to turn off Spring Security observations.
I see the value of aligning, too... it would be nice if there were a way to get both. One way may be to introduce a class like SpringSecurityObservationPredicates#noObservations() or similar. Is there another potential route?
There was a problem hiding this comment.
I like the SpringSecurityObservationPredicates#noObservations() approach.
web/src/main/java/org/springframework/security/web/server/WebFilterChainProxy.java
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
My biggest comment is, I'd like to see if it makes sense / is possible to make observability an optional dependency. This might not happen in this release, but may just be possible with the current codebase to do passively. This means that core components can only use the observability APIs privately.
It is possible this does not make sense, but I'd like to pose that for consideration.
There are also a number of classes / interfaces missing class level Javadoc that would benefit from it.
...ework/security/config/annotation/method/configuration/Jsr250MethodSecurityConfiguration.java
Outdated
Show resolved
Hide resolved
...ework/security/config/annotation/method/configuration/Jsr250MethodSecurityConfiguration.java
Outdated
Show resolved
Hide resolved
...ework/security/config/annotation/method/configuration/Jsr250MethodSecurityConfiguration.java
Outdated
Show resolved
Hide resolved
core/src/main/java/org/springframework/security/core/Authentication.java
Outdated
Show resolved
Hide resolved
jzheaux
force-pushed
the
observability
branch
from
b2f525b to
d8549ad
Compare
jzheaux
force-pushed
the
observability
branch
from
d8549ad to
fe96a62
Compare
No description provided.