Spring security filter is never invoked

Question

I am trying to implement a Spring security filter as follows:

@Configuration
@EnableWebSecurity
open class OpenApiConfigurer : WebSecurityConfigurerAdapter() {

    override fun configure(http: HttpSecurity) {
        http.addFilter(object : FilterSecurityInterceptor() {
            override fun doFilter(request: ServletRequest, response: ServletResponse, chain: FilterChain?) {
                super.doFilter(request, response, chain)
            }
        })
    }
    ...
}

I can confirm the @Configuration is loaded because, the configure method is invoked and the filter is added. However the method doFilter is never invoked – I can call whichever requests, but it never does anything inside of it.

What might be wrong? Do I need to do something special?

Answer 1

The reason was following:

// Even though this class is not a bean/service/configuration, it must be defined for
// the Spring-Security to work - otherwise the filters are never invoked with no error.
open class SecurityInitializer : AbstractSecurityWebApplicationInitializer()