CODEWITHSUNDEEP
springsecurityspring-bootfilter
Masudur Rahman
Masudur Rahman

Reputation: 96

How can I add custom filter order after spring security filter?

My filter as follows:

@Component
@Order(1)
public class MDCFilter implements Filter {
.....

and application.properties

security.filter-order=0

In above settings- my filter is coming first and then security filter. But i need mdcFilter after spring security filter.

Upvotes: 4

Views: 7736

Answers (2)

Cork Kochi
Cork Kochi

Reputation: 1891

If you want your own Filter to go after Spring Security's you can create your own registration for Spring Security's filter and specify the order.

https://github.com/spring-projects/spring-boot/issues/1640 

@Bean
    public FilterRegistrationBean securityFilterChain(@Qualifier(AbstractSecurityWebApplicationInitializer.DEFAULT_FILTER_NAME) Filter securityFilter) {
        FilterRegistrationBean registration = new FilterRegistrationBean(securityFilter);
        registration.setOrder(Integer.MAX_VALUE - 1);
        registration.setName(AbstractSecurityWebApplicationInitializer.DEFAULT_FILTER_NAME);
        return registration;
    }

    @Bean
    public FilterRegistrationBean userInsertingMdcFilterRegistrationBean() {
        FilterRegistrationBean registrationBean = new FilterRegistrationBean();
        UserInsertingMdcFilter userFilter = new UserInsertingMdcFilter();
        registrationBean.setFilter(userFilter);
        registrationBean.setOrder(Integer.MAX_VALUE);
        return registrationBean;
    }

Upvotes: 2

Piotr Sołtysiak
Piotr Sołtysiak

Reputation: 1006

You can put your filter next to specific spring-security filter by defining you security config like that:

@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private MDCFilter mdcFilter;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.addFilterBefore(mdcFilter, UsernamePasswordAuthenticationFilter.class);

    }
}

In above example your filter will go just before UsernamePasswordAuthenticationFilter. You can also use HttpSecurity class methods addFilterAfter(Filter filter, Class<? extends Filter> afterFilter) and addFilterAt(Filter filter, Class<? extends Filter> atFilter) to specify your filter order.

Upvotes: 5

Related Questions