How to apply spring boot filter based on URL pattern?

java spring filter spring-boot annotations

48,722

Solution 1

You can add a filter like this:

@Bean
public FilterRegistrationBean someFilterRegistration() {

    FilterRegistrationBean registration = new FilterRegistrationBean();
    registration.setFilter(someFilter());
    registration.addUrlPatterns("/url/*");
    registration.addInitParameter("paramName", "paramValue");
    registration.setName("someFilter");
    registration.setOrder(1);
    return registration;
} 

@Bean(name = "someFilter")
public Filter someFilter() {
    return new SomeFilter();
}

Solution 2

There is another option if you are able to extend OncePerRequestFilter. For example:

public class SomeFilter extends OncePerRequestFilter {

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
        // your filter logic ....
    }

    @Override
    protected boolean shouldNotFilter(HttpServletRequest request) {
        String path = request.getServletPath();
        return !path.startsWith("/api/secure/");
    }
}

Solution 3

@user1283002 I think it's possible to do using @WebFilter. I just stumbled upon this article. As per the article (haven't tried myself):

@WebFilter(urlPatterns = "/api/count")
public class ExampleFilter implements Filter{
    // ..........
}

// and let Spring know to scan to find such @WebFilter annotation in your config
// class by using the @ServletComponentScan annotation like

@ServletComponentScan
@SpringBootApplication
public class MyApplication extends SpringBootServletInitializer {

    public static void main(String[] args) throws Exception {
        SpringApplication.run(MyApplication.class, args);
    }

   // ..........

}

EDIT: After further reading the docs for the @ServletComponentScan I came across an interesting disclaimer

Scanning is only performed when using an embedded webserver

Which means that when deploying our application in a web container (eg: Apache Tomcat) this class won't get scanned by the Spring framework and therefore any spring config on it (if any) won't be applied.

If there is no Spring config to be made you are good to go without any further changes, if not just add the @Component scan to the filter and make sure it's package is in the path of your @ComponentScan annotation.

48,722

user1283002

Updated on July 09, 2022

Comments

user1283002 almost 2 years
I have created a spring boot filter - implements GenericFilterBean with @Component annotation.
```
@Component 
public class MyAuthenticationFilter  extends GenericFilterBean {
...
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
...
}
}
```
The filter is automatically identified by the Spring Boot Framework and works fine for all of the REST API. I want this filter to apply only on a certain URL path, such as /api/secure/* but I can't find the right way. I tried @WebFilter but it didn't work. I'm not using XML configuration or servlet initializer - just the annotations.

What would be the correct way to get it working?
user1283002 over 7 years

It is still strange to me why it can't be resolved by an annotation like the @WebFilter, but this works perfectly for me. Thanks!
XZen over 6 years

Is it possible to do it via annotations?
Adrian Madaras almost 5 years

This was just what I was looking for. Ty