Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to Disable Spring Security Filters

I have a situation where I have a RESTful service which is using a pre-authenticated token for authentication. I've implemented my own preAuth filter, and that's working great. My issue is that some requests sent to my service include BasicAuthorization which isn't for my application. (I wish they didn't, and they shouldn't, but they do and I can't control that.)

Now, it seems that Spring Security automatically makes a BasicAuthorization filter, but that filter is catching these irrelevant authentication headers, and then throwing the error:

Error 401 No AuthenticationProvider found for org.springframework.security.authentication.UsernamePasswordAuthenticationToken

So I want to turn off the filters I'm not using in Spring Security, but I can't figure out how. I know I could create dummy filters and replace the auto filters, or I could just delete all basic Auth headers before the application enters the filter chain, but those both seem like hacks.

When I looked in the spring security filter documentation I found the part that shows you how to add a FilterChainProxy, but it seems like I'm having to manually create all the beans for spring security that way. Specifically I got to the part where you need an AccessDecisionManager, but I thought that is what my

<http use-expressions="true" create-session="stateless"
        authentication-manager-ref="authenticationManager">

        <intercept-url pattern=[etc ...]

stuff was for, and I still want to use that. Anyone have any suggestions?

like image 808
CorayThan Avatar asked Nov 03 '22 20:11

CorayThan


1 Answers

After looking into it for a while, it turns out my example was incomplete. I was using baeldung's spring security with a REST service guide and foolishly included <http-basic /> from that. So ... sorry for the bad question.

like image 111
CorayThan Avatar answered Nov 15 '22 07:11

CorayThan