1

I defined my AlanCookieFilter by @Bean annotation:

@Bean
    public Filter alanCookieFilter() {
        return new AlanCookieFilter(); // type of AbstractPreAuthenticatedProcessingFilter
    }

Then I added my filter by using WebSecurityConfigurerAdapter:

@Configuration
public class AlanOAuthWebConfig extends WebSecurityConfigurerAdapter {


    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.addFilter(alanCookieFilter()).antMatcher("/**");
    }   
}

But when I started application, I got following log message:

o.s.b.c.embedded.FilterRegistrationBean  : Mapping filter: 'alanCookieFilter' to: [/*]

It seems that AlanCookieFilter is still mapped to /* instead of /**. I'm totally confused by this wield behaviour.

David Pérez Cabrera
  • 4,594
  • 2
  • 20
  • 35
Neo
  • 2,006
  • 4
  • 27
  • 57

1 Answers1

2

You added the filter twice. First time as a Servlet Filter and second time in the filter chain of Spring Security.

By default Spring Boot maps your filter to /*, see Spring Boot Docs:

By default, if the context contains only a single Servlet it will be mapped to /. In the case of multiple Servlets beans the bean name will be used as a path prefix. Filters will map to /*.

If convention-based mapping is not flexible enough you can use the ServletRegistrationBean and FilterRegistrationBean classes for complete control. You can also register items directly if your bean implements the ServletContextInitializer interface.

To change the mapping, see also: How to add a filter class in Spring Boot?

You should only add Spring Security filters (or extentions) to the filter chain, see HttpSecurity.html#addFilter:

Adds a Filter that must be an instance of or extend one of the Filters provided within the Security framework.

Your filter extends AbstractPreAuthenticatedProcessingFilter and should be added only to the filter chain.

One way to stop Spring Boot to map your filter is: Don't expose your filter with @Bean, see Spring Boot Docs.

When using an embedded servlet container you can register Servlets and Filters directly as Spring beans.

Community
  • 1
  • 1
dur
  • 13,039
  • 20
  • 66
  • 96