Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Spring Security 3.0: How do I specify URLs to which a custom filter applies?

Tags:

servlets

spring-security

servlet-filters

I am using Spring Security 3.0 with JSPs. I have created a RequireVerificationFilter that redirects unverified users to a "verify your email" page.

I added the filter to the spring security filter stack in last place like so:

Bean definition in my app-config.xml:

<bean id="requireVerificationFilter" class="com.ebisent.web.RequireVerificationFilter" />

Filter added to spring security filter list in my security-config.xml:

<custom-filter ref="requireVerificationFilter" after="LAST" />

The filter works, but it filters its own redirect URL. That is, the filter redirects unverified users to /access/verify, but that URL is also caught by the filter, which attempts the redirect ad infinitum.

I tried using the <filter-mapping> tag to restrict the URLs this new filter applies to, but that does not seem to work the way I thought it would. Here is the web.xml entry I added anyway:

    <filter>
        <filter-name>requireVerificationFilter</filter-name>
        <filter-class>com.ebisent.web.RequireVerificationFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>requireVerificationFilter</filter-name>
        <url-pattern>/account/*</url-pattern>
    </filter-mapping>

I read through "Adding in Your Own Filters" in the spring security documention, but did not find an answer.

My question is, How can I specify which URLs my filter applies to?

UPDATE:

I got this working by specifying the URL to allow within the filter itself. This works fine for me, but if there is a better/more "springy" way to do it, I would be glad to hear it.

like image 714
outis Avatar asked Oct 17 '10 19:10

outis

1 Answers

You should use org.springframework.security.web.FilterChainProxy for this. the attribute filter should only containts none:

<http ...>
      <custom-filter ref="requireVerificationFilterChain" after="LAST" />
</http>

<b:bean id="requireVerificationFilterChain" class="org.springframework.security.web.FilterChainProxy">
        <filter-chain-map request-matcher="ant">
            <filter-chain pattern="/account/*" filters="requireVerificationFilter"/>
        </filter-chain-map>
</b:bean>
<b:bean id="requireVerificationFilter" class="com.ebisent.web.RequireVerificationFilter" />
like image 80
Michel Avatar answered Sep 22 '22 15:09

Michel
Sign in to Comment

Related questions

What is the life span of an ajax call?
Can't get the session in java servlet
App Engine - RequestFactory vs servlets vs other approaches
HttpServlet lifecycle and serialization
HttpServletRequest#getRemoteAddr() returns NULL
HttpServletResponse PrintWriter to write an InputStream
what's the deal with Cookie.setMaxAge(Integer.MAX_VALUE)?
404s when deploying a noir war to jetty on squeeze
Filter is used as controller in Struts2
Setting headers on HttpServletResponse after writing response body
Access to an EJB remotely from a different server
Best practice error handling in JSP Servlets
How to pass parameter in multipart post request
Is it possible to create a JAR with an aspect that is automatically applied to classes in client project?
How does Servlet/JSP MVC patterns translate to JSF/Facelets (in particular the service and controller parts)?
ServletResponse.setBufferSize doesn't work in Tomcat 7?
Asynchronous processing of Requests by Servlet
Difference between Session, HTTP Connection?
Read Browser/Client time from Http Servlet request header
sharing session between WARs

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!