Menu
How can I replace default filter with custom filter in java configuration? In XML it would be, for example:
<bean id="myFilter" class="lalalal.MyFilter">
<property name="authenticationManager" ref="authenticationManager"/>
</bean>
<security:http auto-config="true">
<security:custom-filter ref="myFilter" position="FORM_LOGIN_FILTER"/>
</security:http>
About filterBefore, filterAfter and default filter inhereting I know.
536
Assuming you have an understanding in general of Java configuration for Spring-security, adding filters is relatively simple (general details of updating spring-security config to java here):
So in your WebSecurityConfigurerAdapter implementation, do something like this:
@Configuration
@EnableWebSecurity
class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Override protected void configure(HttpSecurity http) throws Exception {
//Custom security filters
http.addFilterBefore( myFilter(), BasicAuthenticationFilter.class );
//Rest of the security configuration goes here
...
}
That is a very cut down example - but hopefully helps enough - you would put additional security configuration here (e.g. role based restrictions, csrf, session config etc) and myFilter() is another method defining the bean you mention in the question that sets up your Filter. There is also an addFilterAfter() method and you can choose where to place your filter in the chain.
Here is an example for API security that shows some custom filters being used.
98
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
