Nuñito Calzada

Reputation: 2066

SpringBoot: Bypass OncePerRequestFilter filters

I have a basic SpringBoot 2.0.5.RELEASE app, using Spring Initializr, JPA, embedded Tomcat, Thymeleaf template engine, and packaged as an executable JAR file.

I have created a custom JWT-based security filter, JwtFilter:

@Provider
public class JwtAuthorizationTokenFilter extends OncePerRequestFilter {
...
}

But I want to bypass this filter only for 1 specific request / method: "/api/v1/menus", when it is a POST.

But I don't know if it is possible in the WebSecurityConfigurerAdapter:

JwtAuthorizationTokenFilter authenticationTokenFilter = new JwtAuthorizationTokenFilter(userDetailsService(), jwtTokenUtil, tokenHeader);
httpSecurity
    .addFilterBefore(authenticationTokenFilter, UsernamePasswordAuthenticationFilter.class)
    .antMatcher("/api/v1/menus")

Upvotes: 9

Views: 8666

Answers (2)

Tim

Reputation: 1471

I used to validate the HttpServletRequest for the URI path and use the FilterChain to pass the request and response along the chain.

Like below:


public class JwtRequestFilter extends OncePerRequestFilter {

    ....

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws ServletException, IOException {

        ....
        String urlPath = request != null ? request.getRequestURI() : null;
        String[] splitPath = urlPath != null ? urlPath.split("/") : null;
        // Only the last path segment is compared, so every URI that ends in one of
        // the allowed names is passed through. "/" splits to an empty array, hence the length check.
        String currentPath = splitPath != null && splitPath.length > 0 ? splitPath[splitPath.length - 1] : null;
        List<String> allowedPath = Arrays.asList("about", "info", "authenticate");
        if (currentPath != null && allowedPath.contains(currentPath)) {
            SecurityContextHolder.getContext().setAuthentication(null);
            chain.doFilter(request, response);
            return; // do not fall through to the elided code below or invoke the chain twice
        }
        ...
    }
}

A better approach is the one mentioned in Tom's answer. That's easy.

Upvotes: 1

Tom

Reputation: 1027

You can override the shouldNotFilter method from the OncePerRequestFilter as below:

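@Provider
public class JwtAuthorizationTokenFilter extends OncePerRequestFilter {
    // Returning true skips doFilterInternal for the request.
    // Only the servlet path is compared here; the HTTP method is not checked.
    @Override
    protected boolean shouldNotFilter(HttpServletRequest request) throws ServletException {
        return new AntPathMatcher().match("/api/v1/menus", request.getServletPath());
    }
}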

Upvotes: 21
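
An added example (not code from either answer) that compares how much each skip rule exempts from the JWT filter: the last-segment allow-list, the path-only match, and a path-plus-method match for the POST-only case the question asks about. The class name, the sample requests, and the use of Spring Security's AntPathRequestMatcher and spring-test's MockHttpServletRequest are assumptions of this example.

```java
import java.util.Arrays;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.util.AntPathMatcher;

// Added example, not the posters' code. Assumes spring-test, spring-security-web
// and the javax.servlet API (Spring Boot 2.0.x) are on the classpath.
public class SkipRuleScope {
    // Rule from the first answer: the last path segment is in an allow-list.
    static boolean lastSegment(HttpServletRequest r) {
        String[] parts = r.getRequestURI().split("/");
        return parts.length > 0
                && Arrays.asList("about", "info", "authenticate").contains(parts[parts.length - 1]);
    }

    // Rule from the second answer: servlet path only, any HTTP method.
    static boolean pathOnly(HttpServletRequest r) {
        return new AntPathMatcher().match("/api/v1/menus", r.getServletPath());
    }

    // Narrowed rule: exact path and POST only, as the question asks.
    static final RequestMatcher POST_MENUS = new AntPathRequestMatcher("/api/v1/menus", "POST");
    static boolean pathAndMethod(HttpServletRequest r) {
        return POST_MENUS.matches(r);
    }

    // Builds a constructed request; the servlet path is set because both matchers read it.
    static HttpServletRequest req(String method, String path) {
        MockHttpServletRequest m = new MockHttpServletRequest(method, path);
        m.setServletPath(path);
        return m;
    }

    public static void main(String[] args) {
        // Constructed sample requests; /api/v1/users/info is a hypothetical protected path.
        List<HttpServletRequest> samples = Arrays.asList(
                req("POST", "/api/v1/menus"), req("GET", "/api/v1/menus"),
                req("DELETE", "/api/v1/menus"), req("POST", "/api/v1/menus/1"),
                req("GET", "/api/v1/users/info"));
        for (HttpServletRequest r : samples) {
            System.out.printf("%-6s %-20s lastSegment=%-5b pathOnly=%-5b pathAndMethod=%b%n",
                    r.getMethod(), r.getRequestURI(), lastSegment(r), pathOnly(r), pathAndMethod(r));
        }
    }
}
```

In the filter itself, shouldNotFilter would return the result of the narrowed matcher. Skipping the filter only means no authentication is set from the token, so the HttpSecurity authorization rules still decide whether the request is allowed.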
