* By default all authentication events are passed onto the
audit listener
* Access denied exceptions are still not published by Spring
Security because of a bug in the Java config support
[Fixes#48155753]
* The TraceAutoConfiguration in the service project
was loading too early because it contains a BPP
* It also had a Spring Security dependency without any
@Conditional* configuration
* Fixed by nesting the BPP in a class with @Conditional*
* Added a bean post processor for the Spring Security filter chain
(so you only get traces by default if security is on)
* Every request is logged at trace level if the dump requests flag is
on
* Requests are also dumped to a TraceRepository for later analysis (very
useful for tracing problems in real time when a support call comes in)
[Fixes#48976001]
Phillip Webb
Dave Syer