Menu
Using XML configuration would be like
<custom-filter position="FORM_LOGIN_FILTER" ref="SCAAuthenticationFilter" />.
Without XML would be like:
httpSecurity.addFilter(new SCAAthenticationFilter())
It seems that spring doesn't replace UsernamePasswordAuthenticationFilter, but adds my filter before.
801
I'd guess you must have either had <form-login> or had <http auto-config="true"> in your configuration. Unless either of these are present, Spring Security won't add a UsernamePasswordAuthenticationFilter automatically. The URL for submitting the form and the parameter names are all configurable properties of the filter, which your custom version didn't override, hence the difference.
197
If you take a look to FormLoginConfigurer you will see that the UsernamePasswordAuthenticationFilter is created and inserted to AbstractAuthenticationFilterConfigurer constructor then there it is assigned to final F authFilter so there is no way to replace it in Spring Security 4.1
addFilter() will simply add another filter to filter list
42
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
