Search code examples
javaspringrestspring-security

Exception with (Custom) RestAuthenticationProcessingFilter Ordering

I try to add Rest authentication by token to my app. I created a simple filter doing nothing else print a message :

public class RestAuthenticationProcessingFilter extends GenericFilterBean {

    @Override
    public void doFilter(ServletRequest arg0, ServletResponse arg1, FilterChain arg2) throws IOException, ServletException {
        System.out.println(arg0);
        // EDIT 25/02/2014
        arg2.doFilter(arg0,arg1);
    }
}

I'm using Spring 4.0 and Spring Security 3.2 with JavaConfig.

I added this in my adapter : 

@Override
protected void configure(HttpSecurity http) throws Exception {
    /*
     * @RemarqueDev Différence entre permitAll et anonymous : permitAll
     * contient anonymous. Anonymous uniquement pour non connecté
     */
     http.addFilter(new RestAuthenticationProcessingFilter());
     http.csrf().disable().headers().disable();
     http.exceptionHandling().authenticationEntryPoint(new RestAuthenticationEntryPoint());
}

When I run jetty server, I receive this message: 

Nested in org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'springSecurityFilterChain' defined in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration: Instantiation of bean failed; nested exception is org.springframework.beans.factory.BeanDefinitionStoreException: Factory method [public javax.servlet.Filter org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration.springSecurityFilterChain() throws java.lang.Exception] threw exception; nested exception is java.lang.IllegalArgumentException: The Filter class my.package.config.RestAuthenticationProcessingFilter does not have a registered order and cannot be added without a specified order. Consider using addFilterBefore or addFilterAfter instead.:
java.lang.IllegalArgumentException: The Filter class com.jle.athleges.config.RestAuthenticationProcessingFilter does not have a registered order and cannot be added without a specified order. Consider using addFilterBefore or addFilterAfter instead.
    at org.springframework.security.config.annotation.web.builders.HttpSecurity.addFilter(HttpSecurity.java:1122)

Why?

Solution

  • addFilter:

    Adds a Filter that must be an instance of or extend one of the Filters provided within the Security framework. The method ensures that the ordering of the Filters is automatically taken care of. The ordering of the Filters is:...

    Your filter is not an instance or extend of the Filter within the Security framework.

    What you can do however is use addFilterBefore or addFilterAfter.

    For example:

    addFilterBefore(new RestAuthenticationProcessingFilter(), BasicAuthenticationFilter.class)

    You can find the order of the security filter chain in the docs.