Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Custom authenticationFilter Spring Security 3.2

Tags:

java

spring

spring-security

For a project I try to use Spring Security 3.2 as base security. Because this project is already up and running I do already have a other (own) security layer. Hence I made a custom authenticationprovider to melt the security layers. Works fine, till I also needed to make a custom anonymous authentication (Spring Security Documentation, chapter 13).

So I made a custom filter and removed the orignal filter:

<http request-matcher="regex" use-expressions="true">
    <anonymous enabled="false" />
    <custom-filter ref="anonymousAuthFilter" position="ANONYMOUS_FILTER"/>
    ...
</http>

the bean:

<beans:bean id="anonymousAuthFilter" class="own.package.auth.SecurityAnonymousAuthenticationFilter">
    <beans:property name="key" value="anonymousKey "/>
    <beans:property name="userAttribute" value="anonymous,ROLE_ANONYMOUS"/>
</beans:bean>

and te Java Class:

public class SecurityAnonymousAuthenticationFilter extends GenericFilterBean implements InitializingBean {
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
        logger.info("Entering doFilter method");
        //implementation code here
    }

    //other methods
}

The problem is that the doFilter method is not called when requesting the server. However the init method afterPropertiesSet() is being called... Does anyone understand why my customFilter is not fired?

P.S. I do have named the delegatingFilterProxy in the web.xml file, so that's not the problem.

like image 751
Jacob van Lingen Avatar asked May 27 '13 13:05

Jacob van Lingen

1 Answers

Since the ANONYMOUS_FILTER is a namespace related filter. You have to avoid any namespace tag that references to the specific filter psoition:

   <http auto-config='false' request-matcher="regex" use-expressions="true">
    <custom-filter ref="anonymousAuthFilter" position="ANONYMOUS_FILTER"/>
    ...
   </http>

For further reference see the Spring security documentations in section 2.3.5: http://static.springsource.org/spring-security/site/docs/3.0.x/reference/ns-config.html

Edit: And for sure leave the <anonymous-enabled=false/> tag.

Edit 2: Corrected my answer. This configuration should work. If not, well than we need to start looking at a bigger picture and you'd have to post more of your app, starting with the complete config.

like image 131
Carsten Avatar answered Sep 20 '22 00:09

Carsten
Sign in to Comment

Related questions

Getting error java.lang.ArrayIndexOutOfBoundsException: too much data for RSA block
Eclipse Data Tools Project - SQL Query Parser
what's the difference between managed bean and spring controller?
Has anyone figured out how to make a javafx tableview act like a jtable?
Java uses a String constant with the quotes
Web Data Streaming in Java EE
NullPointerException when executing PreparedStatement on Oracle DB to insert Blob
Java's ServiceLoader and test resources
Algorithm optimization - parallel AsyncTasks or threads?
Java - regular expression for get number format
JTOpen KeyedDataQueue read() timeout
Getting sun.security.validator.ValidatorException: PKIX path building failed Error
Create an exception-safe wrapper of a class
Spring 3 AJAX POST request with @RequestBody and @ModelAttribute and @SessionAttribute used together?
Microsoft ISA Server Authentication in Android
How to make numeric comparison when using morphia to perform an $elemMatch query
Debug Lua in a Java project using LuaJava
Make checkstyle require the Java 7 Diamond operator
overriding the onScroll method of the com.android.View in android coding?
REST Api Implementation Using Spring

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!