I need add two custom filters for FORM_LOGIN_FILTER, e.g.
<custom-filter after="FORM_LOGIN_FILTER" ref="myUsernamePasswordAuthenticationFilter" />
<custom-filter after="FORM_LOGIN_FILTER" ref="myUsernamePasswordAuthenticationFilter2" />
What I expect the filter sequences is:
1. Predefind FORM_LOGIN_FILTER
2. myUsernamePasswordAuthenticationFilter
3. myUsernamePasswordAuthenticationFilter2
But above will cause configuration error. So, anyone knows how to write the right config? Thanks!
If you add multiple filters in a sequence, they will all run one at a time. The order in which the configured filters are run is important. The annotation @Order specifies the order in which the multiple filters are executed. The request url pattern is another way to configure multiple filters.
The type WebSecurityConfigurerAdapter is deprecatedWell, it's because the developers of Spring framework encourage users to move towards a component-based security configuration.
Spring Security maintains a filter chain internally where each of the filters has a particular responsibility and filters are added or removed from the configuration depending on which services are required. The ordering of the filters is important as there are dependencies between them.
Use Spring's CompositeFilter
to wrap your custom filters list, and then put that filter on relevant position on SecurityFilterChain
.
E.g. like this:
<bean id="customFilters" class="org.springframework.web.filter.CompositeFilter">
<property name="filters">
<list>
<ref bean="myUsernamePasswordAuthenticationFilter"/>
<ref bean="myUsernamePasswordAuthenticationFilter2"/>
</list>
</property>
</bean>
...
<custom-filter after="FORM_LOGIN_FILTER" ref="customFilters" />
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With