Reputation: 513
How to inherit OAuth2AuthenticationProcessingFilter or add custom filter
I am using OAuth2 token in rest based API. I wanted to override OAuth2AuthenticationProcessingFilter so that I can extract token if not provider in header attribute as Authorization(This could be provided as accessToken attribute in header long story don't ask why). Or if not then can anyone tell me how to add another filter after the OAuth2AuthenticationProcessingFilter ?
Upvotes: 3
Views: 6843
Answers (2)
Reputation: 1039
A better approach could have been to extend org.springframework.security.oauth2.provider.authentication.BearerTokenExtractor and create bean for same and ref it in
<oauth:resource-server id="resourceServerFilter"
token-services-ref="tokenServices" token-extractor-ref="idofyourtokenextractionbeanhere"
resource-id="myId" />
Upvotes: 1
Reputation: 11835
Basically, in XML, to use the defaults, you add resource-server
<oauth:resource-server id="resourceServerFilter"
token-services-ref="tokenServices"
resource-id="myId" />
which adds OAuth2AuthenticationManager and OAuth2AuthenticationProcessingFilter (see https://github.com/spring-projects/spring-security-oauth/blob/ec215f79f4f73f8bb5d4b8a3ff9abe15b3335866/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/xml/ResourceServerBeanDefinitionParser.java for details)
Then you add that filter into your <sec:http> element:
<sec:custom-filter ref="resourceServerFilter" position="PRE_AUTH_FILTER" />
But if you need to use OAuth2AuthenticationProcessingFilter specialization instead of OAuth2AuthenticationProcessingFilter itself, you could do the following:
I. Add OAuth2AuthenticationManager manually:
<bean id="authenticationManager" class="org.springframework.security.oauth2.config.xml.OAuth2AuthenticationManager">
<property name="tokenServices" ref="tokenServices"/>
<property name="resourceId" value="myId"/>
</bean>
II. Add your filter replacement manually:
<bean id="resourceServerFilter"class="YourFilterImplementationClass">
<property name="authenticationManager" ref="authenticationManager"/>
</bean>
III. Insert the filter to filter chain, as usual:
<sec:custom-filter ref="resourceServerFilter" position="PRE_AUTH_FILTER" />
Upvotes: 3
Related Questions
- Spring security oauth2 - add filter after oauth/token call
- Add filter before OAuth2AuthenticationProcessingFilter
- How to add filter after the HTTP BasicAuthenticationFilter when using @EnableAuthorizationServer
- Filter or handle AuthenticationException in OAuth2
- Spring Boot OAuth2 with custom security filter
- OAuth2 Spring Security - OAuth2AuthenticationProcessingFilter not working
- Spring OAuth2 Auth Server: a specific /oauth/token filter?
- Spring OAuth Filter Chain & Java Config
- OAuth2LoginAuthenticationFilter Spring Security
- Modifying the OAuth2ClientAuthenticationProcessingFilter in Spring Boot