5

I have a RESTful web application using Spring Boot 2, with the Actuator and Spring Security.

While doing some testing, I was checking out the /httptrace path and realized that the principal was coming back as null. I'm pretty confused why that would be the case, as when I debug log the SecurityContextHolder.getContext().getAuthentication().getPrincipal() I get back my Application object, which implements UserDetails.

So I'm curious why the principal is coming back as null, when I have a principal. If there are more details I can provide to help resolve this let me know in the comments and I will include them.

{
    "traces":[
        {
            "timestamp":"2019-06-19T16:14:33.252994100Z",
            "principal":null,
            "session":null,
            "request":{
                "method":"GET",
                "uri":"http://localhost:8080/api/ims/oneroster/v1p1/orgs",
                "headers":{
                    "cookie":[
                        "JSESSIONID=095BD749...."
                    ],
                    "postman-token":[
                        "54c241d7-8810-459c-b62a-bd64e9c73e9f"
                    ],
                    "host":[
                        "localhost:8080"
                    ],
                    "connection":[
                        "keep-alive"
                    ],
                    "cache-control":[
                        "no-cache"
                    ],
                    "accept-encoding":[
                        "gzip, deflate"
                    ],
                    "user-agent":[
                        "PostmanRuntime/7.15.0"
                    ],
                    "accept":[
                        "*/*"
                    ]
                },
                "remoteAddress":null
            },
            "response":{
                "status":"200",
                "headers":{
                    "X-Frame-Options":[
                        "DENY"
                    ],
                    "Transfer-Encoding":[
                        "chunked"
                    ],
                    "Cache-Control":[
                        "no-cache, no-store, max-age=0, must-revalidate"
                    ],
                    "X-Content-Type-Options":[
                        "nosniff"
                    ],
                    "Pragma":[
                        "no-cache"
                    ],
                    "Expires":[
                        "0"
                    ],
                    "X-XSS-Protection":[
                        "1; mode=block"
                    ],
                    "Date":[
                        "Wed, 19 Jun 2019 16:14:33 GMT"
                    ],
                    "Content-Type":[
                        "application/json;charset=UTF-8"
                    ]
                }
            },
            "timeTaken":"389"
        }
    ]
}
Dan Whitehouse

1 Answer

7

By default, Spring Actuator HTTP tracing only includes a subset of values. You have to configure Spring to include the principal, for example:

management.trace.http.include=principal,request-headers,response-headers,cookie-headers,time-taken,authorization-header,remote-address,session-id
James Martin
  • Sorry for the late response, but I just want to say thank you for the correct answer. For anyone looking at this who is using Boot 2.2+, you will need to use the following link in order to enable httptrace. https://stackoverflow.com/questions/59115578/httptrace-endpoint-of-spring-boot-actuator-doesnt-exist-anymore-with-spring-b – Dan Whitehouse Mar 20 '20 at 18:21
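
An added example, not part of the original question or answer: a small Python check that reads a /httptrace response body and reports, per trace, whether a principal was recorded and whether credential-bearing values (cookie or authorization headers, a session id) were stored in the trace. The sample response, its URIs and its values are constructed, and the `name` and `id` fields of the principal and session objects are assumptions.

```python
import json

# Request headers whose values are credentials: once stored in a trace,
# anyone who can read /httptrace can read them as well.
CREDENTIAL_HEADERS = {"cookie", "authorization", "proxy-authorization"}

# Constructed sample in the shape of the /httptrace response in the question.
SAMPLE = """
{"traces": [
  {"principal": null, "session": null,
   "request": {"method": "GET", "uri": "http://localhost:8080/api/orgs",
               "headers": {"cookie": ["JSESSIONID=EXAMPLE"], "accept": ["*/*"]}},
   "response": {"status": "200", "headers": {"Pragma": ["no-cache"]}}},
  {"principal": {"name": "app-1"}, "session": {"id": "EXAMPLE"},
   "request": {"method": "GET", "uri": "http://localhost:8080/api/users",
               "headers": {"Authorization": ["Bearer EXAMPLE"]}},
   "response": {"status": "200", "headers": {}}}
]}
"""


def audit_trace(trace):
    """Return sorted findings for one trace entry."""
    findings = []
    if trace.get("principal") is None:
        # Either 'principal' is not in the include list or the request was anonymous.
        findings.append("principal-not-recorded")
    if trace.get("session") is not None:
        findings.append("session-id-recorded")
    request_headers = (trace.get("request") or {}).get("headers") or {}
    for name in request_headers:
        if name.lower() in CREDENTIAL_HEADERS:
            findings.append("credential-header:" + name.lower())
    response_headers = (trace.get("response") or {}).get("headers") or {}
    if any(name.lower() == "set-cookie" for name in response_headers):
        findings.append("credential-header:set-cookie")
    return sorted(findings)


def audit(response_text):
    """Map each trace in a /httptrace response body to (uri, findings)."""
    traces = json.loads(response_text).get("traces", [])
    return [((t.get("request") or {}).get("uri"), audit_trace(t)) for t in traces]


if __name__ == "__main__":
    for uri, findings in audit(SAMPLE):
        print(uri, findings)
```

Any `credential-header` or `session-id-recorded` finding means the endpoint is serving live secrets, so it should be reachable only by authenticated operators.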