WebGoat springboot java app - not logging http status code in console
I am using https://github.com/WebGoat/WebGoat, trying to change couple of configs below but none works. I am not expert in Java so hope to have some insights what's wrong in my config.
- What I want to achieve: logging http status code in console / any log driver when i execute the app, there are some logs appeared in the terminal but I want the http status code 200 or 302 etc whenever we access the pages.
For example, when I access http://127.0.0.1:8080/WebGoat, there should be http code 302 with a redirect. Or when I refresh on http://127.0.0.1:8080/login, there should be http code 200 like what I got from curl -i http://127.0.0.1:8080/login
What I did: i have updated the application.properties file logging sections to DEBUG level
logging.level.org.thymeleaf=DEBUG
logging.level.org.thymeleaf.TemplateEngine.CONFIG=DEBUG
logging.level.org.thymeleaf.TemplateEngine.TIMER=DEBUG
logging.level.org.thymeleaf.TemplateEngine.cache.TEMPLATE_CACHE=DEBUG
logging.level.org.springframework.web=DEBUG
logging.level.org.springframework=DEBUG
logging.level.org.springframework.boot.devtools=DEBUG
logging.level.org.owasp=DEBUG
logging.level.org.owasp.webgoat=DEBUG
logging.level.org.owasp.webgoat=DEBUG
However none of these appear when I access the page from browser. The logs merely shows actions of initialization, further refresh or accessing the page doesn't log any status code:
2023-04-13 17:02:30.794 INFO 69552 --- [ main]
o.s.b.w.e.undertow.UndertowWebServer : Undertow started on port(s) 9090 (http)
2023-04-13 17:02:30.804 INFO 69552 --- [ main] org.owasp.webgoat.server.StartWebGoat : Started StartWebGoat in 0.653 seconds (JVM running for 10.763)
2023-04-13 17:02:30.805 INFO 69552 --- [ main] org.owasp.webgoat.server.StartupMessage : Please browse to http://127.0.0.1:8080/WebGoat to get started...
2023-04-13 17:02:59.997 INFO 69552 --- [ XNIO-1 task-2] io.undertow.servlet : Initializing Spring DispatcherServlet 'dispatcherServlet'
2023-04-13 17:02:59.997 INFO 69552 --- [ XNIO-1 task-2] o.s.web.servlet.DispatcherServlet : Initializing Servlet 'dispatcherServlet'
2023-04-13 17:03:00.000 INFO 69552 --- [ XNIO-1 task-2] o.s.web.servlet.DispatcherServlet : Completed initialization in 3 ms
When I inspect the network on browser, I can see the status code (image) 
. What is missing here? If I need to add logging action log.debug somewhere, any guidance on that?
I have searched through those files in the main webgoat application, but a bit confused as where should i add further. I thought the application.properties file did configure logging with logging.level.org.owasp=DEBUG stated.
https://github.com/WebGoat/WebGoat/tree/main/src/main/java/org/owasp/webgoat
Figured out - to add http code status logging, just add a logback.xml file with configuration:
<configuration>
<include resource="org/springframework/boot/logging/logback/base.xml"/>
<logger name="org.springframework.web" level="DEBUG"/>
</configuration>
For the specific example with this https://github.com/WebGoat/WebGoat app, the location of the logback.xml file will be in the src/main/resources/ folder.
(Note: some test cases will fail, but just proceed to reinstall and containerize it to execute after that as stated in the github steps :
# On Linux/Mac:
./mvnw clean install
# On Windows:
./mvnw.cmd clean install
# Using docker or podman, you can than build the container locally
docker build -f Dockerfile . -t webgoat/webgoat
Now we are ready to run the project. WebGoat is using Spring Boot.
# On Linux/Mac:
./mvnw spring-boot:run
# On Windows:
./mvnw.cmd spring-boot:run
And you will see the http code status logged after that when u run it locally or in chosen path.
- Is there a java.time equivalent of DateTime.dayOfYear().isLeap()?
- WordNet Java API
- Why use a ReentrantLock if one can use synchronized(this)?
- How to format a ZonedDateTime to a String?
- How to short circuit when using a parallel stream with filter and findFirst
- Stream distinct with nested list counts and matching nested list item counts
- Timezone changes are not being persisted in Spring-Boot application
- how to convert decimal to hexadecimal in java
- Why does pattern matching with switch on InetAddress fail with 'does not cover all possible input values'?
- Jackson to parse bean<t> with list of T beans
- Catch a generic exception in Java?
- How to get the whole text of StAX XMLEvent object?
- The www-authenticate header breaks JettyClientHttpConnector
- Why should I use @NaturalId?
- Can't reproduce virtual thread pinning (jdk 21), yet mysql not as parallel as should be
- how to move slider towards left and right using selenium java
- Format of Date in the JavaFX.TableView
- Launch Jetty 9 Programmatically
- Spring JdbcTemplate fail to convert String to Enum (that extend specific interface), since default converter is called even if removed
- GET Request Returning Empty Object in SpringBoot
- Trying to draw box around checkbox and display text using pdfbox
- Extracting date, hour and minute from Instant.now() generated date
- Tail Call Optimisation in Java
- Spring Boot Angular18 Uploading Photo
- What is a IOException, and how do I fix it?
- What does %5B and %5D in POST requests stand for?
- Why couldn't Integer type convert to Double type automatically in Java8 stream API?
- Spring Boot default H2 jdbc connection (and H2 console)
- No content to map due to end-of-input jackson parser
- How to properly add HTTP header in WebService Client (Spring Web Services)