Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add OpenTelemetry Span Creation for Spring Security Filters and Expose as Configurable Property #12730

Open
Seifenn opened this issue Nov 14, 2024 · 0 comments
Open

Add OpenTelemetry Span Creation for Spring Security Filters and Expose as Configurable Property #12730

Seifenn opened this issue Nov 14, 2024 · 0 comments
Labels
enhancement New feature or request needs triage New issue that requires triage

Comments

@Seifenn
Copy link

Seifenn commented Nov 14, 2024

Is your feature request related to a problem? Please describe.

I want to track the execution of Spring Security filters and send the trace data to Jaeger using OpenTelemetry instrumentation. After enabling logging.level.org.springframework.security=TRACE in my application.properties, I was able to see the execution traces of each security filter inside my request. I'm using the latest version of spring boot and openTelemtry with JAVA 21.

Describe the solution you'd like

I propose adding span creation inside the VirtualFilterChain class, where the log message for each filter execution is triggered. Additionally, I recommend exposing this feature as a configuration property, such as instrumentation.spring.security, which would allow users to enable or disable tracing for internal Spring Security filters. Like the instrumentation for otel.instrumentation.spring-webmvc.enabled=true

Describe alternatives you've considered

I considered modifiying the filterchain to add a filter before the default filters execution that will send this span but i will be modifying the default chain which is not a good approach since everyone who will want to intrument spring security will need this feature. I also used spring AOP to track methods execution inside org.springframework.security.web.FilterChainProxy but this approach cause me problems with native compilation and dont give informations about the filters executed.

Additional context

After enabling logging.level.org.springframework.security=TRACE, I am able to see the logs for every security filter executed inside the request. However, when I examine the FilterChainProxy class to trace the log message, I find that the class VirtualFilterChain contains the log message when a filter is executed. This log message is not linked with any trace or span information, and I am unable to send the traces to Jaeger for internal filters. Therefore the modification need to be made inside the FilterChainProxy class to add support for sending the spans directly if the property is enable since they are default filters. If you have any question please ask for me to clarify i have also created an issue in the SpringSecurity repository spring-projects/spring-security#16092 since the two are related the addition will be inside spring security and enabled in opentelemtry out of the box instrumentation
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request needs triage New issue that requires triage
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Seifenn