Spring Security filter not invoked

Question

I have below code for filters configured in a spring boot application. My second filter which is B, is not invoke when i make a request.

import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;

@Configuration
@EnableWebMvcSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter  {
    @Override
    public void configure(WebSecurity webSecurity) throws Exception {
        webSecurity.ignoring().antMatchers(HttpMethod.GET, "/health");
    }
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        http.addFilterBefore(new A(), BasicAuthenticationFilter.class);
        http.addFilterAfter(new B(), new A().getClass());
    }
}

import org.springframework.web.filter.GenericFilterBean;
public class A extends GenericFilterBean {

    @Override
    public void doFilter(ServletRequest arg0, ServletResponse arg1, FilterChain arg2)
            throws IOException, ServletException {
        System.out.println("filter A");
    }
}

import org.springframework.web.filter.GenericFilterBean;
public class B extends GenericFilterBean {

    @Override
    public void doFilter(ServletRequest arg0, ServletResponse arg1, FilterChain arg2)
            throws IOException, ServletException {
        System.out.println("filter B");         
    }
}

Edit:

 public class A extends GenericFilterBean {

        @Override
        public void doFilter(ServletRequest arg0, ServletResponse arg1, FilterChain arg2) throws IOException, ServletException {
             System.out.println("filter A Before");
             arg2.doFilter(arg0,arg1);
             System.out.println("filter A After");
        }
}

Answer 1

Your config is correct. But you need to pass your request from Filter A to Filter B as mentioned by M. Deinum. Just printing wont work. In your code it should be like, arg2.doFilter() in Filter A.

From docs it says,

A typical implementation of this method would follow the following pattern:

1. Examine the request
2. Optionally wrap the request object with a custom implementation to filter content or headers for input filtering
3. Optionally wrap the response object with a custom implementation to filter content or headers for output filtering
4. Either invoke the next entity in the chain using the FilterChain object (chain.doFilter()), or not pass on the request/response pair to the next entity in the filter chain to block the request processing
5. Directly set headers on the response after invocation of the next entity in the filter chain.