When HTTP logging mode is enabled, Auth Server should also dump HTTP response body.

[martynaslawinska]

aliaksander-samuseu commented on Jul 30, 2019
At the moment, httpLoggingEnabled property in conjunction with loggingLevel makes oxAuth to dump complete HTTP request into log file on disk for easy review. That is a huge step forward in terms of troubleshooting and ease of providing support to customers that (in theory) may make usage of cumbersome complex tools like intercepting proxies and Apache's mod_dumpio not necessary in most cases.

The only downside to this currently is that this feature won't dump HTTP response's body along with the request - and this severely limiting its troubleshooting potential in many cases.

According to @yurem, such limitation was added with optimization in mind, to prevent log from consuming disk space rapidly; there also are some implementation difficulties to make that happen (but still may be possible).

Overall, I believe implementing this additional functionality may worth a try. To tackle the disk space issue at least, there could be an additional key in JSON configuration array which would allow enabling HTTP response body logging separately from the rest of the HTTP logging functionality.

[yuriyz]

It can help in troubleshooting a lot. Lets log body only if log.isTraceEnabled() also we need separate configuration property which allows to turn on/off body logging. Default value should be off.