Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Add filter before OAuth2AuthenticationProcessingFilter

Tags:

spring-security

spring-security-oauth2

I am using spring-security-oauth2 in IDP mode and spring-boot. I need to do some work before the oauth token is extracted from the request. How do I add a filter before OAuth2AuthenticationProcessingFilter?

I have tried:

@Configuration
@EnableResourceServer
public class OAuth2ResourceServerConfigurerAdapter extends ResourceServerConfigurerAdapter {

    @Override
    public void configure(HttpSecurity http) throws Exception {

        http.authorizeRequests().anyRequest().authenticated().and()
                .addFilterBefore(new MyFilter(), OAuth2AuthenticationProcessingFilter.class);
    }

}

But I get the following exception:

java.lang.IllegalArgumentException: Cannot register after unregistered Filter class org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationProcessingFilter

I guess this might be because @EnableResourceServer is executed after configure(HttpSecurity http).

like image 363
jax Avatar asked Oct 18 '17 00:10

jax

People also ask

Which filter class is required for Spring Security?

Spring Security's web infrastructure is based entirely on standard servlet filters. It doesn't use servlets or any other servlet-based frameworks (such as Spring MVC) internally, so it has no strong links to any particular web technology.

How do I use addFilterBefore?

There are a couple of possible methods: addFilterBefore(filter, class) adds a filter before the position of the specified filter class. addFilterAfter(filter, class) adds a filter after the position of the specified filter class. addFilterAt(filter, class) adds a filter at the location of the specified filter class.

1 Answers

I achieved desired functional by doing this

                .addFilterBefore(new MyTokenFilter(), AbstractPreAuthenticatedProcessingFilter.class)
like image 62
Olegdelone Avatar answered Oct 14 '22 00:10

Olegdelone
Sign in to Comment

Related questions

Creating Custom OpenId Provider for Oauth2 Spring Boot
Multiple <http> elements in Spring security
Two separate Spring contexts for one webapp
Spring Security 3.1 Run-As
Confusion around Spring Security anonymous access using Java Config
404 with response.sendRedirect
Accept facebook login into my REST API
Spring Security entity field level security
error while exporting grails 2 plugin to grails 3
Spring MVC testing (security Integration test), JSESSIONID is not present
Spring Webflux Websocket Security - Basic Authentication
Spring Security and AJP proxy
Spring Security: put additional attributes(properties) in the session on success Authentication
Spring Security: What is the right way to call method secured with @PreAuthorize in background task?
Spring Security getPrincipal() method returns anonymousUser
Why is uniquely constrained field failing on update, in Grails
Again... method security with spring boot/security: Error creating bean with name 'methodSecurityInterceptor' "This object has already been built"
How to get a List of Objects that a user can access using ACLs related tables
Spring Boot Security OAuth2 with Form Login
spring-security-oauth2 JwkTokenStore with custom user details service

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!