
Spring security - create 2 filter chains with specific matchers

I'm in the process of adding ADFS support to an existing Spring project. Since we already have our own JWT authentication, which we want to work in parallel with ADFS authentication, I want to implement a new filter chain that will handle only certain API request paths. By this I mean I want to create:

  • ADFS filter chain that will handle all the /adfs/saml/** API calls
  • Leave the default filter chain that will handle all the rest of the API calls

I'm using the ADFS Spring Security lib that defines the filter chain like this:

    public abstract class SAMLWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {

        // some code

        protected final HttpSecurity samlizedConfig(final HttpSecurity http) throws Exception {
            http.httpBasic().authenticationEntryPoint(samlEntryPoint())
                    .and()
                    .csrf().ignoringAntMatchers("/saml/**")
                    .and()
                    .authorizeRequests().antMatchers("/saml/**").permitAll()
                    .and()
                    .addFilterBefore(metadataGeneratorFilter(), ChannelProcessingFilter.class)
                    .addFilterAfter(filterChainProxy(), BasicAuthenticationFilter.class);

            // store CSRF token in cookie
            if (samlConfigBean().getStoreCsrfTokenInCookie()) {
                http.csrf()
                        .csrfTokenRepository(csrfTokenRepository())
                        .and()
                        .addFilterAfter(new CsrfHeaderFilter(), CsrfFilter.class);
            }

            return http;
        }
    }

And I extend this class:

    @EnableWebSecurity
    @Configuration
    @Order(15)
    @RequiredArgsConstructor
    public class ADFSSecurityConfiguration extends SAMLWebSecurityConfigurerAdapter {
        @Override
        protected void configure(final HttpSecurity http) throws Exception {
            samlizedConfig(http)
                    .authorizeRequests()
                    .antMatchers("/adfs")
                    .authenticated();
        }
    }

But when debugging I see that this new filter chain is set to match "any" request. So I'm probably setting the matchers wrong.

Itamar Kerbel asked Nov 05 '25 18:11


1 Answer

Actually, after reading the official docs the answer was a simple one: (see "Creating and Customizing Filter Chains" section)

    @Override
    protected void configure(final HttpSecurity http) throws Exception {
        samlizedConfig(http)
                .antMatcher("/adfs/**");
    }

It should not be put after .authorizeRequests() but straight on the first matcher.

Itamar Kerbel answered Nov 07 '25 10:11
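An added example, not code from the original post or from the ADFS library: both chains side by side, using the same Spring Security 5 `WebSecurityConfigurerAdapter` API as the question, to show the difference between the chain-level matcher and the authorization-rule matchers. `JwtAuthenticationFilter`, the class names, `@Order(20)` and the `anyRequest().authenticated()` policy are assumptions.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
// SAMLWebSecurityConfigurerAdapter comes from the ADFS library quoted in the question;
// import it from whatever package your version of that library uses.

@EnableWebSecurity
public class SecurityConfiguration {

    // Chain 1: consulted first (lower @Order value), but only claims /adfs/**.
    @Configuration
    @Order(15)
    static class AdfsChain extends SAMLWebSecurityConfigurerAdapter {
        @Override
        protected void configure(final HttpSecurity http) throws Exception {
            samlizedConfig(http)
                    // Chain-level matcher: decides WHICH requests enter this chain.
                    .antMatcher("/adfs/**")
                    // Rule-level matchers: decide what is allowed INSIDE the chain.
                    // samlizedConfig() only registers permitAll for "/saml/**", and a
                    // request with no matching rule is let through, so close the rest
                    // explicitly (assumed policy).
                    .authorizeRequests()
                    .anyRequest().authenticated();
        }
    }

    // Chain 2: no chain-level matcher, so it is the catch-all. It needs the higher
    // @Order value; if it were consulted first it would claim /adfs/** as well.
    @Configuration
    @Order(20)
    static class JwtChain extends WebSecurityConfigurerAdapter {
        private final JwtAuthenticationFilter jwtFilter; // hypothetical: the project's existing JWT filter

        JwtChain(final JwtAuthenticationFilter jwtFilter) {
            this.jwtFilter = jwtFilter;
        }
        @Override
        protected void configure(final HttpSecurity http) throws Exception {
            http.addFilterBefore(jwtFilter, UsernamePasswordAuthenticationFilter.class)
                    .authorizeRequests()
                    .anyRequest().authenticated();
        }
    }
}
```

Only the first chain whose matcher accepts a request is applied, which is why the unscoped `@Order(15)` chain in the question ended up handling every request ahead of the JWT chain.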


