Reputation: 2810
Spring Security custom filter exemption
I have a spring security which have config like this.
<security:http use-expressions="true" create-session="stateless"
entry-point-ref="loginAuthenticationEntryPoint">
<security:custom-filter ref="preAuthFilter" position="PRE_AUTH_FILTER"/>
<security:intercept-url pattern="/product/test/**" access="permitAll"/>
<security:intercept-url pattern="/**" access="hasRole('ROLE_USER')"/>
</security:http>
My preAuthFilter filters all request and throws an error message if xml that recieved is malformed, but I want to have an exemption. For example I want to add another <security:intercept-url /> that has its own custom-filter.
Or is it possible to have a another entry point for authentication? then I will just add my custom-filter.
How can achieve this? Any ideas?
Thanks.
Upvotes: 0
Views: 643
Answers (1)
Reputation: 9102
A security:http tag without pattern attribute defaults to all requests. You can add another security:http with a pattern attribute pointing to the specific url pattern and declare it above the security:http you already have as more specific one is supposed to be declared first. There you can configure the filters again for the specific url. Spring Security first checks the incoming url with that of pattern declared in security:http. If it does not matches it bypasses rest of the configuration inside that security:http and moves to the next security:http effectively the one without the pattern attribute.
Upvotes: 1
Related Questions
- How to configure a custom filter programatically in Spring Security?
- spring security custom-filter with java configuration
- How to write a custom filter in spring security?
- Spring Security define a custom anonymous filter
- Spring Security custom filter
- Spring Custom filter chain
- Spring Security Filters
- Adding custom filter in spring security
- Spring Security - Apply pattern to custom http filter?
- Spring Security 3.0.5 Custom Filter Issue