
Custom authenticationFilter Spring Security 3.2

For a project I am trying to use Spring Security 3.2 as the base security. Because this project is already up and running, I already have another (own) security layer. Hence I made a custom authentication provider to meld the security layers. It worked fine until I also needed to make a custom anonymous authentication (Spring Security Documentation, chapter 13).

So I made a custom filter and removed the original filter:

<http request-matcher="regex" use-expressions="true">
    <anonymous enabled="false" />
    <custom-filter ref="anonymousAuthFilter" position="ANONYMOUS_FILTER"/>
    ...
</http>

the bean:

<beans:bean id="anonymousAuthFilter" class="own.package.auth.SecurityAnonymousAuthenticationFilter">
    <beans:property name="key" value="anonymousKey "/>
    <beans:property name="userAttribute" value="anonymous,ROLE_ANONYMOUS"/>
</beans:bean>

and the Java class:

public class SecurityAnonymousAuthenticationFilter extends GenericFilterBean implements InitializingBean {
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
        logger.info("Entering doFilter method");
        //implementation code here
    }

    //other methods
}

The problem is that the doFilter method is not called when requesting the server. However, the init method afterPropertiesSet() is being called... Does anyone understand why my custom filter is not fired?

P.S. I have named the DelegatingFilterProxy in the web.xml file, so that's not the problem.

Jacob van Lingen asked May 27 '13 13:05


1 Answer

Since the ANONYMOUS_FILTER is a namespace-related filter, you have to avoid any namespace tag that references the specific filter position:

<http auto-config='false' request-matcher="regex" use-expressions="true">
    <custom-filter ref="anonymousAuthFilter" position="ANONYMOUS_FILTER"/>
    ...
</http>

For further reference see the Spring Security documentation in section 2.3.5: http://static.springsource.org/spring-security/site/docs/3.0.x/reference/ns-config.html

Edit: And for sure leave the <anonymous enabled="false"/> tag.

Edit 2: Corrected my answer. This configuration should work. If not, well, then we need to start looking at a bigger picture and you'd have to post more of your app, starting with the complete config.

Carsten answered Sep 20 '22 00:09
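
For reference, an added example (not code from the question or the answer) of what a complete filter body behind the `anonymousAuthFilter` bean could look like on Spring Security 3.2. It reuses the question's class name and its `key` and `userAttribute` property names; the string parsing of `userAttribute` and the trimming of `key` are assumptions of this sketch.

```java
import java.io.IOException;
import java.util.Arrays;
import java.util.List;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;
import org.springframework.web.filter.GenericFilterBean;

// GenericFilterBean already implements InitializingBean, so it is not repeated here.
public class SecurityAnonymousAuthenticationFilter extends GenericFilterBean {
    private String key;
    private Object principal;
    private List<GrantedAuthority> authorities;

    // Assumption: whitespace around the key (as in value="anonymousKey ") is accidental.
    public void setKey(String key) { this.key = (key == null) ? null : key.trim(); }

    // Parses "anonymous,ROLE_ANONYMOUS": first token is the principal,
    // the remaining tokens are authorities (parsing is this example's own).
    public void setUserAttribute(String userAttribute) {
        String[] parts = StringUtils.tokenizeToStringArray(userAttribute, ",");
        Assert.isTrue(parts != null && parts.length >= 2, "expected principal,ROLE_...");
        this.principal = parts[0];
        this.authorities = AuthorityUtils.createAuthorityList(
                Arrays.copyOfRange(parts, 1, parts.length));
    }

    @Override
    protected void initFilterBean() throws ServletException {
        // Fail at startup instead of issuing tokens with a blank key or no principal.
        Assert.hasText(key, "key must be set");
        Assert.notNull(principal, "userAttribute must be set");
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        // Only fill an empty context; never replace an Authentication set by an earlier filter.
        if (SecurityContextHolder.getContext().getAuthentication() == null) {
            SecurityContextHolder.getContext().setAuthentication(
                    new AnonymousAuthenticationToken(key, principal, authorities));
        }
        // Always continue the chain, otherwise the request ends here with an empty response.
        chain.doFilter(req, res);
    }
}
```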