I have a webflux app and need to have sleuth context in my authentication logs (move from DefaultWebFilterChain to SecurityWebFilterChain).
I have tried to add manually in my security chain:
public GwApiSecurityConfig(Tracer tracer, HttpServerHandler httpServerHandler, CurrentTraceContext currentTraceContext){
this.tracer = tracer;
this.httpServerHandler = httpServerHandler;
this.currentTraceContext = currentTraceContext;
}
@Bean
public SecurityWebFilterChain securityFilterChain(ServerHttpSecurity http) {
return http
.csrf().disable()
.authorizeExchange()
.pathMatchers(HttpMethod.GET,"/swagger", "/v3/**", "/webjars/**", "/actuator/**").permitAll()
.anyExchange().authenticated()
.and()
.httpBasic()
.authenticationEntryPoint((exchange, exception) -> Mono.error(new GwException(HttpStatus.UNAUTHORIZED, GwError.AUTHENTICATION)))
.and()
.formLogin().disable()
.redirectToHttps()
.and()
.addFilterBefore(new TraceWebFilter(tracer, httpServerHandler, currentTraceContext), SecurityWebFiltersOrder.HTTP_BASIC)
.build();
}
But I got an error:
09:11:06.117 ERROR[reactor-http-nio-2] [,] GwApiErrorHandler - null
java.lang.NullPointerException: null
at org.springframework.cloud.sleuth.instrument.web.TraceWebFilter.spanFromContextRetriever(TraceWebFilter.java:139)
Also I checked this property:
spring.sleuth.web.filter-order=1
but I think that only affect the DefaultWebFilterChain order, no SecurityWebFilterChain. And how to remove the filter from DefaultWebFilterChain to avoid filtering twice?
Any ideas? Thanks!
