Reputation: 574
I only need Spring Security Basic HTML Authentication Filter in my project to secure the REST API.
As I'm new to Spring Security, I'm wondering which filters in the rest of the filter chain are not needed. I've done some research that said the securityContextPersistenceFilter is necessary to set up in front of any authentication filters. How about the others?
securityContextPersistenceFilter //It should be needed..
logoutFilter, // I'm not so sure about this..
authenticationProcessingFilter, // I guess it should not be necessary, because user will just use header to hold the credential
concurrentSessionFilter, // I guess no
basicAuthenticationFilter, // Should be needed
securityContextHolderAwareRequestFilter, //It's required because the need to judge the ROLE of the user
rememberMeAuthenticationFilter, // I guess no
anonymousAuthenticationFilter, // I'm not so sure
exceptionTranslationFilter, // Should be needed
filterInvocationInterceptor // I'm not so sure
Am I right about everything in the list?
Upvotes: 0
Views: 412
Reputation: 35961
I think you need only:
securityContextPersistenceFilter // It should be needed..
basicAuthenticationFilter, // Should be needed
securityContextHolderAwareRequestFilter, // for internal stuff also
anonymousAuthenticationFilter, // for default/non-logged in user
exceptionTranslationFilter, // catches security exceptions
filterInvocationInterceptor // defines which URLs are accessible, etc
There is also a good description: http://docs.spring.io/spring-security/site/docs/3.0.x/reference/security-filter-chain.html#d0e2952
Upvotes: 1
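The reduced chain from the answer above, wired explicitly as Spring Security 3.0 beans. This is an added example, not part of the original thread. The `authenticationManager` and `accessDecisionManager` beans are assumed to be defined elsewhere, and the realm name, anonymous key and URL pattern are placeholders.

```xml
<!-- Added example, not from the thread. Assumed: beans "authenticationManager" and
     "accessDecisionManager" exist elsewhere; realm, key and URL pattern are placeholders. -->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:sec="http://www.springframework.org/schema/security"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
           http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">
  <bean id="filterChainProxy" class="org.springframework.security.web.FilterChainProxy">
    <sec:filter-chain-map path-type="ant">
      <sec:filter-chain pattern="/**" filters="
          securityContextPersistenceFilter, basicAuthenticationFilter,
          securityContextHolderAwareRequestFilter, anonymousAuthenticationFilter,
          exceptionTranslationFilter, filterInvocationInterceptor"/>
    </sec:filter-chain-map>
  </bean>
  <!-- Stateless REST: never create an HttpSession to hold the SecurityContext -->
  <bean id="securityContextPersistenceFilter" class="org.springframework.security.web.context.SecurityContextPersistenceFilter">
    <property name="securityContextRepository">
      <bean class="org.springframework.security.web.context.HttpSessionSecurityContextRepository">
        <property name="allowSessionCreation" value="false"/>
      </bean>
    </property>
  </bean>
  <bean id="basicEntryPoint" class="org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint">
    <property name="realmName" value="example-realm"/>
  </bean>
  <bean id="basicAuthenticationFilter" class="org.springframework.security.web.authentication.www.BasicAuthenticationFilter">
    <property name="authenticationManager" ref="authenticationManager"/>
    <property name="authenticationEntryPoint" ref="basicEntryPoint"/>
  </bean>
  <bean id="securityContextHolderAwareRequestFilter" class="org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter"/>
  <!-- The key must match the AnonymousAuthenticationProvider registered in the assumed authenticationManager -->
  <bean id="anonymousAuthenticationFilter" class="org.springframework.security.web.authentication.AnonymousAuthenticationFilter">
    <property name="key" value="CHANGE_ME_ANONYMOUS_KEY"/>
    <property name="userAttribute" value="anonymousUser,ROLE_ANONYMOUS"/>
  </bean>
  <!-- Anonymous access to a protected URL is answered with 401 and a Basic challenge -->
  <bean id="exceptionTranslationFilter" class="org.springframework.security.web.access.ExceptionTranslationFilter">
    <property name="authenticationEntryPoint" ref="basicEntryPoint"/>
  </bean>
  <bean id="filterInvocationInterceptor" class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
    <property name="authenticationManager" ref="authenticationManager"/>
    <property name="accessDecisionManager" ref="accessDecisionManager"/>
    <property name="securityMetadataSource">
      <sec:filter-security-metadata-source>
        <sec:intercept-url pattern="/**" access="ROLE_USER"/>
      </sec:filter-security-metadata-source>
    </property>
  </bean>
</beans>
```

The chain is activated by a `DelegatingFilterProxy` in `web.xml` whose filter name matches the `filterChainProxy` bean id. With `allowSessionCreation` set to `false`, each request has to carry its own `Authorization` header.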