Java – spring security and custom authenticationfilter with spring startup

2019-05-19 • Java

I have a custom authentication filter that creates a preauthenticatedauthenticationtoken and stores it in a security context All this is good This is the configuration:

@Configuration
@EnableWebMvcSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private SsoAuthenticationProvider authenticationProvider;

    @Autowired
    private SsoAuthenticationFilter ssoAuthenticationFilter;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.addFilterAfter(ssoAuthenticationFilter,SecurityContextPersistenceFilter.class);
    }
}

Now my ssoauthenticationfilter is a part of filterchainproxy and is in the correct position Smooth

However, since ssoauthenticationfilter is a "filter", it is booted and included as a filter So my filter chain really looks like:

>Ssoauthenticationfilter (including filter) > filterchainproxy (spring autoconfiguration)

>... > securitycontextpersistencefilter > ssoauthenticationfilter (included by HTTP. Addfilterafter (...) >

>Some other filters

Obviously, I want to clear the automatic registration of ssoauthenticationfilter here (the first one listed)

Any hint would be appreciated

Solution

2 options:

>Add filterregistrationbean @ bean to the filter bean as its target filter and mark it enabled = false > don't create a @ bean definition for your filter (usually that's what I do, but YMMV, because you may rely on auto assembly or something to make it work)

The content of this article comes from the network collection of netizens. It is used as a learning reference. The copyright belongs to the original author.

THE END

Java

二维码

Java – interaction between JUnit @ rule lifecycle and @ before

< <上一篇

Java – GC Optimization: for vs foreach

下一篇>>

搜索内容

Java – spring security and custom authenticationfilter with spring startup

Solution

热门文章