I have a Spring Boot applicaton, in which I am trying to create a custom security filter like below:
public class CustomSecurityFilter extends GenericFilterBean {
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
//it should be invoked only for "/needCustomSecurityOnThisURL"
chain.doFilter(request, response);
}
}
Now, I want to invoke this only on a specific URL, but I am not able to figure this out. I am invoking it using below code:
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.anyRequest().authenticated()
.and()
.csrf().disable() // Disable CSRF Token
.httpBasic();
// Disable Session Management
http
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
//want to add the Custom Security Filter n it should ne applicable only on selected URL
http
.antMatcher("/needCustomSecurityOnThisURL")
.addFilterAfter(new CustomSecurityFilter(), BasicAuthenticationFilter.class);
}
}
Now, I could see that this filter gets added to right place in Spring Security filter chain but it gets invoked on every request. I don't want that and also I want to invoke this filter only on specific URL.
I have gone through guide provided by spring and many articles. But I am still not successful on this. Any guidance would be appreciated.