What is implication of adding @Component to custom Spring Security filter -
What is implication of adding @Component to custom Spring Security filter -
i have custom spring security filter extending genericfilterbean.
to automatic dependency , bean creation added @component annotation.
in security config register filter like:
@autowired private restauthenticationfilter restauthenticationfilter; protected void configure(httpsecurity http) throws exception { // @formatter:off http .addfilterbefore(restauthenticationfilter, logoutfilter.class) everything works except filter called twice... seems spring adds filters automatically standard filters.
what should best approach here?
update
@dave mean? seems work.
@configuration @componentscan @enableautoconfiguration public class application extends webmvcconfigureradapter { @autowired private restauthenticationfilter restauthenticationfilter; public static void main(string[] args) { springapplication.run(application.class, args); } @bean public applicationsecurity applicationsecurity() { homecoming new applicationsecurity(); } @bean public filterregistrationbean filterregistrationbean() { filterregistrationbean filterregistrationbean = new filterregistrationbean(); filterregistrationbean.setenabled(false); filterregistrationbean.setfilter(restauthenticationfilter); homecoming filterregistrationbean; } @order(securityproperties.access_override_order) protected static class applicationsecurity extends websecurityconfigureradapter { @autowired private restauthenticationfilter restauthenticationfilter; @override protected void configure(httpsecurity http) throws exception { // @formatter:off http .addfilterbefore(restauthenticationfilter, logoutfilter.class) .authorizerequests() .anyrequest().authenticated() .and() .csrf() .disable() .exceptionhandling() .authenticationentrypoint(new http403forbiddenentrypoint()) .and() .requestcache() .requestcache(new nullrequestcache()) .and() .sessionmanagement() .sessioncreationpolicy(sessioncreationpolicy.stateless); // @formatter:on } } }
you need explicitly register filter , mark "enabled=false" using filterregistrationbean api. spring security utilize in chain, boot not seek , register well.
spring spring-boot spring-security-ldap
Comments
Post a Comment