In line with the changes made to Form Login and HTTP Basic logs, let's add logs to Resource Server.
In addition to considering the model that Spring Framework follows, Resource Server should:
- Log any security outcomes at least at the DEBUG level, with reasons for doing so at the TRACE level
- State what the code did or what it is about to do, for example, "Authenticated token" instead of "Successful token authentication"
- Favor TRACE for stack traces