Conditionally passing through spring security filterchain

Question

@Bean
@Order(10)
protected SecurityFilterChain samlFilterChain(final HttpSecurity http) throws Exception {
    OpenSamlAuthenticationProvider authenticationProvider = new OpenSamlAuthenticationProvider();
    authenticationProvider.setResponseAuthenticationConverter(groupsConverter());
    if (!isSsoEnabled){
        http.anonymous();
        return http.build();}
    http.csrf().disable()
            .authorizeHttpRequests(authorize -> authorize
                    .antMatchers("/**")
                    .permitAll()
                    .anyRequest().authenticated()
            )
            .saml2Login(saml2 -> saml2
                    .authenticationManager(new ProviderManager(authenticationProvider))
            )
            .saml2Login()
            .successHandler(successRedirectHandler())
            .failureHandler(failureRedirectHandler())
            .and()
            .saml2Logout(Customizer.withDefaults());

    return http.build();
}

My goal is to check condition whether property allows us to use SSO and if not than just pass this filter chain and be able to login with basic authentication.The problem is that I can't figure out how to skip http creation here and just pass down the filter chain to the next SecurityFilterChain wiht lower precedense, just like:

  chain.doFilter(request, response);

Answer 1

You can add your own custom filter and check your properties inside that filter and pass chain to basic auth filter if needed.

You can have a look on these articles

• https://www.javadevjournal.com/spring-security/custom-filter-in-spring-security
• https://www.baeldung.com/spring-security-custom-filter
• https://www.baeldung.com/spring-onceperrequestfilter
• https://spring.io/guides/topicals/spring-security-architecture