Exception with (Custom) RestAuthenticationProcessingFilter Ordering

java spring rest spring-security
15,108

Solution 1

addFilter:

Adds a Filter that must be an instance of or extend one of the Filters provided within the Security framework. The method ensures that the ordering of the Filters is automatically taken care of. The ordering of the Filters is:...

Your filter is not an instance or extend of the Filter within the Security framework.

What you can do however is use addFilterBefore or addFilterAfter.

For example:

addFilterBefore(new RestAuthenticationProcessingFilter(), BasicAuthenticationFilter.class)

You can find the order of the security filter chain in the docs.

Solution 2

Spring defines a sorting rule for security filters, check the constructor org.springframework.security.config.annotation.web.builders.FilterComparator. when you call org.springframework.security.config.annotation.web.builders.HttpSecurity# When addFilter, its method will use org.springframework.security.config.annotation.web.builders.FilterComparator built-in security filter sorting rules to check whether the Filter is registered. When it is not registered, it will throw "does not have a registered order", and it will be resolved. The method is to manually provide the registration order, call org.springframework.security.config.annotation.web.builders.HttpSecurity#addFilterBefore or org.springframework.security.config.annotation.web.builders.HttpSecurity#addFilterAfter to register in a built-in filter Before or after. please chcek the spring security internal filters sort "https://docs.spring.io/spring-security/site/docs/5.4.2/reference/html5/#servlet-security-filters". -- Please forgive me if I can't write well in English.

Share:
15,108
Jonathan Lebrun
Author by

Jonathan Lebrun

Updated on July 23, 2022

Comments

  • Jonathan Lebrun
    Jonathan Lebrun almost 2 years

    I try to add Rest authentication by token to my app. I created a simple filter doing nothing else print a message :

    public class RestAuthenticationProcessingFilter extends GenericFilterBean {

    @Override
    public void doFilter(ServletRequest arg0, ServletResponse arg1, FilterChain arg2) throws IOException, ServletException {
        System.out.println(arg0);
        // EDIT 25/02/2014
        arg2.doFilter(arg0,arg1);
    }
}

    I'm using Spring 4.0 and Spring Security 3.2 with JavaConfig.

    I added this in my adapter : 

    @Override
protected void configure(HttpSecurity http) throws Exception {
    /*
     * @RemarqueDev Différence entre permitAll et anonymous : permitAll
     * contient anonymous. Anonymous uniquement pour non connecté
     */
     http.addFilter(new RestAuthenticationProcessingFilter());
     http.csrf().disable().headers().disable();
     http.exceptionHandling().authenticationEntryPoint(new RestAuthenticationEntryPoint());
}

    When I run jetty server, I receive this message: 

    Nested in org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'springSecurityFilterChain' defined in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration: Instantiation of bean failed; nested exception is org.springframework.beans.factory.BeanDefinitionStoreException: Factory method [public javax.servlet.Filter org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration.springSecurityFilterChain() throws java.lang.Exception] threw exception; nested exception is java.lang.IllegalArgumentException: The Filter class my.package.config.RestAuthenticationProcessingFilter does not have a registered order and cannot be added without a specified order. Consider using addFilterBefore or addFilterAfter instead.:
java.lang.IllegalArgumentException: The Filter class com.jle.athleges.config.RestAuthenticationProcessingFilter does not have a registered order and cannot be added without a specified order. Consider using addFilterBefore or addFilterAfter instead.
    at org.springframework.security.config.annotation.web.builders.HttpSecurity.addFilter(HttpSecurity.java:1122)

    Why?

  • Jonathan Lebrun
    Jonathan Lebrun about 10 years
    It is working but now, when I go to login page, I receive a 404 page not found. I added this code : http.addFilterBefore(new RestAuthenticationProcessingFilter(),UsernamePasswordAuthent‌​icationFilter.class And a line of code in my filter (I edit the code in my original post) But it is working with other non-secure page Thanks a lot

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Spring security oauth2 - getting custom data from OAuth2 principal
Spring boot - POST method not allowed
Spring security - creating 403 Access denied custom response
How to secure REST API with Spring Boot and Spring Security?
An Authentication object was not found in the SecurityContext in a REST Server
spring security get user id from DB
Integrating Spring Security with SiteMinder
RestEasy - UnsupportedMediaTypeException: Cannot consume content type
Spring Security get user info in rest service, for authenticated and not authenticated users
No resource found for class in CXF rest services