I'm working through some of the Spring Security tutorials and trying to implement them without xml and I can't seem to find a anything about replacing the default UsernamePasswordAuthenticationFilter.
Similar to this question I'd like to retrieve an extra parameter from the login form. Where I'm having difficulty is:
<custom-filter ref="customAuthenticationProcessingFilter" position="FORM_LOGIN_FILTER"/>
In order to set this up properly do I need to build from the AuthenticationManagerBuilder down? or am I missing something?
The addFilterBefore () method of the HttpSecurity class will register the custom filter before Spring security filter. 2. Advanced Before Authentication Filter Configuration Here, you can see the filter requires an instance of the CustomerService class, which will be injected by Spring framework as @Autowired is used.
Java configuration creates a Servlet Filter known as the springSecurityFilterChain which is responsible for all the security (protecting the application URLs, validating submitted username and passwords, redirecting to the log in form, etc) within your application.
Similarly, we can use the XML configuration: If we don't specify this, Spring Security will generate a very basic Login Form at the /login URL. 8.2. The POST URL for Login The default URL where the Spring Login will POST to trigger the authentication process is /login, which used to be /j_spring_security_check before Spring Security 4.
Spring Security provides support for Java Based Configuration from Spring Security 3.2. Java developers can easily configure Spring Security in the web application by Java based without the use of any XML. Spring Security’s web infrastructure is nothing but it is collection of standard servlet filters.
According to the Spring Security documentation found here:
http://docs.spring.io/spring-security/site/docs/3.0.x/reference/ns-config.html#filter-stack
FORM_LOGIN_FILTER is just an alias for the class UsernamePasswordAuthenticationFilter.
So
http.addFilterBefore(new YourFilter(), UsernamePasswordAuthenticationFilter.class);
Should do the trick
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With