Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Spring security and custom AuthenticationFilter with Spring boot

Tags:

java

spring

spring-boot

spring-security

I have custom authentication filter which creates PreAuthenticatedAuthenticationToken and stores it in security context. This all works fine. Here is the config:

@Configuration
@EnableWebMvcSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private SsoAuthenticationProvider authenticationProvider;

    @Autowired
    private SsoAuthenticationFilter ssoAuthenticationFilter;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.addFilterAfter(ssoAuthenticationFilter, SecurityContextPersistenceFilter.class);
    }
}

Now my ssoAuthenticationFilter is part of the FilterChainProxy, on the right position. Smooth.

But as the ssoAuthenticationFilter is Filter it gets picked up by Boot and included as a filter. So my filter chain really looks like:

  • ssoAuthenticationFilter (included because being Filter)
  • filterChainProxy (spring autoconfiguration)
    • ...
    • SecurityContextPersistenceFilter
    • ssoAuthenticationFilter (included by http.addFilterAfter(...))
    • ...
  • some other filters

Obviously I would like to get rid of the autoregistration of the ssoAuthenticationFilter here (the first one listed).

Any tips much appreciated.

like image 709
Jan Zyka Avatar asked Aug 29 '14 12:08

Jan Zyka

1 Answers

2 choices:

  1. Add a FilterRegistrationBean @Bean with your filter bean as its target filter and mark it as enabled=false

  2. Don't create a @Bean definition for your filter (normally that's what I do, but YMMV since you might depend on autowiring or something to get it working)

like image 71
Dave Syer Avatar answered Sep 29 '22 12:09

Dave Syer
Sign in to Comment

Related questions

Play! 2.0 console in Intellij IDEA won't work
The import javax.xml.rpc.encoding cannot be resolved
Android Paint: how to get "airbrush" effect?
SFTP server set user/password in Apache Mina SSHD
Type parameter vs unbounded wildcard
AWS.SimpleQueueService.NonExistentQueue Exception thrown when Accessing Existing SQS queue
Apache Shiro - using database to read users, roles and permissions
Get last Modified Date of Files in a directory
While debugging java app what information is shown for a variable in a stack frame [duplicate]
GSON and InstanceCreator issue
Vaadin 7 - Good framework but not for my project [closed]
How do you specify a single test to be run by play framework's "test-only"command
URI/URL and String what is the difference?
Java EE 7 - Injection into Runnable/Callable object
How to use Asynchronous Callbacks in Jersey 2 in tomcat 7
How can I include ChromeDriver in a JAR?
type erasure in implementation of ArrayList in Java
jaxb2-maven-plugin only executing first execution
What is the right way to use Cassandra driver from a web application
Android - Scrolling Vertically with a GridLayout

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!