spring
Spring Security Filter is not being triggered by configuration
I am configuring the security of my REST and I don't know how I can secure my methods, however allowing a filter to trigger to set my Authority http .authorizeRequests() .antMatchers(PERSISTENCE_SERVICE_URL) .hasAuthority(AUTHORITY_PERSISTENCE_SERVICE) .and() .csrf() .disable(); And in my Filter which extends OncePerRequestFilter does something like this protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException { this.authenticationImpl.init(); String jwt = request.getHeader("jwt"); String refresh = request.getHeader("refresh"); if(jwt != null) { this.jwtPropertyExtractor.commitJwt(jwt, refresh); String jwtId = this.jwtPropertyExtractor.getIdentityId(); String securityRole = this.jwtPropertyExtractor.getSecurityRole(); this.authenticationImpl.setIdentityId(jwtId); this.authenticationImpl.updateSecurityRole(securityRole); SecurityContextHolder.getContext().setAuthentication(this.authenticationImpl); } filterChain.doFilter(request, response); } So when I place .hasAuthority(AUTHORITY_PERSISTENCE_SERVICE) in my configuration, my filter is not even being triggered but i need him to set my authentication.
Ok i added .addFilterBefore(jwtAuthorisationFilter(), BasicAuthenticationFilter.class); } #Bean public JwtAuthorisationFilter jwtAuthorisationFilter() { return new JwtAuthorisationFilter(jwtExtractor(), authenticationImpl()); } Now its working fine thx for that hint :>
Related Links
Autowired Environment is null in #Configuration-annotated classes
Hide certain fields from a spring request body in swagger
Spring Boot unabe to serve static image from resource folder
CDI #ViewScoped bean functionality unavailable
Passing NT Credentials to org.apache.commons.httpclient.HttpClient (Spring RestTemplate Dependency)
#RequestParam annotation at class level not working as expected
Who maintain the session - Is it application framework or application server?
Spring, switch property file depending on profile
Why I am getting NoSuchBeanDefinitionException when I deploy my Spring application in Tomcat?
How to disable the 'Authentification required popup' in Spring server configuration?
Getting javax.transaction.TransactionManager exception when processing the jms message in another thread
OAuth2: separate clients (browsers/sessions) which uses same credentials?
Spring FTP Integration : Very slow when remote directory is having 5000000 files
Spring Boot Persistence
set heartbeat property on rabbitmq autoconfig connectionfactory bean
Spring MVC multiple views in multiple locations