Add OpenTelemetry Span Creation for Spring Security Filters and Expose as Configurable Property
Seifenn opened this issue · 0 comments
Is your feature request related to a problem? Please describe.
I want to track the execution of Spring Security filters and send the trace data to Jaeger using OpenTelemetry instrumentation. After enabling logging.level.org.springframework.security=TRACE in my application.properties, I was able to see the execution traces of each security filter inside my request. I'm using the latest version of spring boot and openTelemtry with JAVA 21.
Describe the solution you'd like
I propose adding span creation inside the VirtualFilterChain class, where the log message for each filter execution is triggered. Additionally, I recommend exposing this feature as a configuration property, such as instrumentation.spring.security, which would allow users to enable or disable tracing for internal Spring Security filters. Like the instrumentation for otel.instrumentation.spring-webmvc.enabled=true
Describe alternatives you've considered
I considered modifiying the filterchain to add a filter before the default filters execution that will send this span but i will be modifying the default chain which is not a good approach since everyone who will want to intrument spring security will need this feature. I also used spring AOP to track methods execution inside org.springframework.security.web.FilterChainProxy but this approach cause me problems with native compilation and dont give informations about the filters executed.
Additional context
After enabling logging.level.org.springframework.security=TRACE, I am able to see the logs for every security filter executed inside the request. However, when I examine the FilterChainProxy class to trace the log message, I find that the class VirtualFilterChain contains the log message when a filter is executed. This log message is not linked with any trace or span information, and I am unable to send the traces to Jaeger for internal filters. Therefore the modification need to be made inside the FilterChainProxy class to add support for sending the spans directly if the property is enable since they are default filters. If you have any question please ask for me to clarify i have also created an issue in the SpringSecurity repository spring-projects/spring-security#16092 since the two are related the addition will be inside spring security and enabled in opentelemtry out of the box instrumentation