Spring Boot custom filter is not working


This is how I solved it

Added WebSecurityConfig as

/**
 * Spring Security rules for the application.
 *
 * <p>Rules are matched in declaration order, so the catch-all {@code anyRequest().authenticated()}
 * must stay last. {@code /rest/*} and {@code POST /login} are opened with {@code permitAll()} at
 * this layer, which means Spring Security itself performs no access check on them: whatever check
 * exists has to come from servlet filters mapped to those paths.
 *
 * <p>The Ant pattern {@code /rest/*} covers a single path segment only; deeper paths such as
 * {@code /rest/a/b} fall through to {@code anyRequest().authenticated()}.
 */
@EnableWebSecurity // use @EnableWebSecurity(debug = true) when you want to see what filters are applied
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

  @Override
  public void configure(HttpSecurity http) throws Exception {
    // CSRF protection is switched off for every endpoint.
    // NOTE(review): acceptable only if the app token travels in a header the browser does not
    // attach automatically; how the token is transported is not visible here, so confirm.
    http.csrf().disable();

    http.authorizeRequests()
        // static assets are public
        .antMatchers("/css/**", "/js/**", "/images/**", "/static/**", "/**/favicon.ico").permitAll()
        // the login call is open at this layer
        .antMatchers(HttpMethod.POST, "/login").permitAll()
        // REST endpoints are open at this layer as well
        .antMatchers("/rest/*").permitAll()
        .antMatchers("/").permitAll()
        // everything not listed above needs an authenticated user
        .anyRequest().authenticated();
  }
}

and then added Filters

package com.hhimanshu.secure.auth.filters;

import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken.Payload;
import com.hhimanshu.secure.auth.AppTokenProviderAndAuthenticator;
import com.hhimanshu.secure.auth.GoogleTokenVerifier;
import com.hhimanshu.secure.common.InvalidTokenException;
import java.io.IOException;
import java.security.GeneralSecurityException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

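/**
 * Servlet filter for the login endpoint.
 *
 * <p>Reads a Google ID token from the {@code X-ID-TOKEN} request header and hands it to
 * {@code GoogleTokenVerifier.verify}. When verification yields a payload, the filter calls
 * {@code AppTokenProviderAndAuthenticator.addAuthentication} on the response and lets the request
 * continue down the chain. In every other case (header missing, verification returning
 * {@code null}, or a verification exception) the request ends with HTTP 401.
 */
public class LoginFilter implements Filter {

  /** Request header that carries the Google ID token. */
  private static final String ID_TOKEN_HEADER = "X-ID-TOKEN";

  @Override
  public void init(FilterConfig filterConfig) throws ServletException {
    System.out.println("init /login filter");
  }

  /**
   * Verifies the ID token of a login request and either authenticates it or answers 401.
   *
   * @param servletRequest the incoming request; cast to {@link HttpServletRequest}
   * @param servletResponse the outgoing response; cast to {@link HttpServletResponse}
   * @param filterChain the remaining filters, invoked only after successful verification
   * @throws IOException if the chain or {@code sendError} fails
   * @throws ServletException if the chain fails
   */
  @Override
  public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse,
      FilterChain filterChain) throws IOException, ServletException {

    String idToken = ((HttpServletRequest) servletRequest).getHeader(ID_TOKEN_HEADER);
    HttpServletResponse response = (HttpServletResponse) servletResponse;
    // The ID token is a bearer credential and carries personal data: record only whether it was
    // supplied, never its value, so it cannot be recovered from console or log files.
    System.out.println("filtered /login request: " + ID_TOKEN_HEADER + " "
        + (idToken != null ? "present" : "missing"));

    if (idToken != null) {
      try {
        Payload payload = GoogleTokenVerifier.verify(idToken);
        if (payload != null) {
          // TODO: 5/6/17 get this username from DB (createOrGet)
          // NOTE(review): until that lookup exists, every successfully verified Google account is
          // mapped to this one application identity; the verified payload is not used.
          String username = "myUniqueUser";
          AppTokenProviderAndAuthenticator.addAuthentication(response, username);
          filterChain.doFilter(servletRequest, response);
          return;
        }
      } catch (GeneralSecurityException | InvalidTokenException e) {
        // Not a valid token: fall through to the 401 below. Only the failure type is recorded so
        // rejected logins stay visible without echoing any part of the token.
        System.out.println("rejected /login request: " + e.getClass().getSimpleName());
      }
    }
    response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
  }

  @Override
  public void destroy() {
    // nothing to release
  }
}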

and

package com.hhimanshu.secure.auth.filters;

import static com.hhimanshu.secure.auth.AppTokenProviderAndAuthenticator.addAuthentication;
import static com.hhimanshu.secure.auth.AppTokenProviderAndAuthenticator.getUserFromToken;

import java.io.IOException;
import java.util.Optional;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.http.HttpStatus;
import org.springframework.stereotype.Component;

/**
 * Servlet filter for the REST endpoints.
 *
 * <p>Asks {@code getUserFromToken} for the user behind the request. Without a user the request is
 * answered with HTTP 401 and goes no further; with a user, {@code addAuthentication} is called on
 * the response before the rest of the chain runs.
 *
 * <p>NOTE(review): this filter is also registered by hand through a {@code FilterRegistrationBean}
 * built with {@code new RestFilter()}, so the {@code @Component} annotation offers the same filter
 * to Spring Boot a second time. The startup log reports "Filter restFilter was not registered
 * (possibly already registered?)". Keeping only one of the two registrations avoids the ambiguity
 * about which URL mapping applies.
 */
@Component
public class RestFilter implements Filter {

  @Override
  public void init(FilterConfig filterConfig) throws ServletException {
    System.out.println("init /rest/* filter");
  }

  /**
   * Lets the request through only when a user can be derived from it.
   *
   * @param servletRequest the incoming request; cast to {@link HttpServletRequest}
   * @param servletResponse the outgoing response; cast to {@link HttpServletResponse}
   * @param filterChain the remaining filters, invoked only for requests with a user
   * @throws IOException if the chain or {@code sendError} fails
   * @throws ServletException if the chain fails
   */
  @Override
  public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse,
      FilterChain filterChain) throws IOException, ServletException {

    HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
    HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;

    System.out.println("Token Filter pathInfo:" + httpRequest.getRequestURI());

    Optional<String> user = getUserFromToken(httpRequest);
    if (user.isPresent()) {
      // What addAuthentication writes to the response is defined outside this class.
      addAuthentication(httpResponse, user.get());
      filterChain.doFilter(httpRequest, servletResponse);
      return;
    }

    // No user could be derived from the request: reject it before any handler runs.
    httpResponse.sendError(HttpStatus.UNAUTHORIZED.value());
  }

  @Override
  public void destroy() {
    // nothing to release
  }
}

and registered the filter as

package com.hhimanshu.secure.auth.filters;

import java.util.Collections;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

/**
 * Registers the two authentication filters with the servlet container and binds each one to its
 * URL pattern.
 *
 * <p>Both filters are created with {@code new}, so the instances registered here are not
 * Spring-managed beans. No explicit order is set on either registration.
 * NOTE(review): confirm where they run relative to {@code springSecurityFilterChain}.
 */
@Configuration
public class Filters {

  /**
   * Binds a {@code LoginFilter} to {@code /login/*}.
   *
   * @return the registration for the login filter
   */
  @Bean
  public FilterRegistrationBean loginRegistrationBean() {
    System.out.println("Setting up loginRegistrationBean");
    FilterRegistrationBean loginRegistration = new FilterRegistrationBean(new LoginFilter());
    loginRegistration.setUrlPatterns(Collections.singletonList("/login/*"));
    return loginRegistration;
  }

  /**
   * Binds a {@code RestFilter} to {@code /rest/*}.
   *
   * @return the registration for the REST token filter
   */
  @Bean
  public FilterRegistrationBean restRegistrationBean() {
    System.out.println("Setting up restRegistrationBean");
    FilterRegistrationBean restRegistration = new FilterRegistrationBean(new RestFilter());
    restRegistration.setUrlPatterns(Collections.singletonList("/rest/*"));
    return restRegistration;
  }
}

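and then it started to work. Note that the log below contains complete ID tokens, because LoginFilter prints the value of the `X-ID-TOKEN` header; drop that `println` (or log only whether the header was present) before using the filter outside local debugging.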

  .   ____          _            __ _ _
 /\\ / ___'_ __ _ _(_)_ __  __ _ \ \ \ \
( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
 \\/  ___)| |_)| | | | | || (_| |  ) ) ) )
  '  |____| .__|_| |_|_| |_\__, | / / / /
 =========|_|==============|___/=/_/_/_/
 :: Spring Boot ::        (v1.5.3.RELEASE)

2017-05-09 15:32:42.551  INFO 88944 --- [  restartedMain] com.hhimanshu.secure.ServerApplication   : Starting ServerApplication on HHimanshu-MBR64.local with PID 88944 (/Users/Harit.Himanshu/IdeaProjects/q2/server/target/classes started by Harit.Himanshu in /Users/Harit.Himanshu/IdeaProjects/q2/server)
2017-05-09 15:32:42.553  INFO 88944 --- [  restartedMain] com.hhimanshu.secure.ServerApplication   : No active profile set, falling back to default profiles: default
2017-05-09 15:32:42.613  INFO 88944 --- [  restartedMain] ationConfigEmbeddedWebApplicationContext : Refreshing org.springframework.boot.context.embedded.AnnotationConfigEmbeddedWebApplicationContext@5164cfb9: startup date [Tue May 09 15:32:42 NZST 2017]; root of context hierarchy
2017-05-09 15:32:43.472  INFO 88944 --- [  restartedMain] s.b.c.e.t.TomcatEmbeddedServletContainer : Tomcat initialized with port(s): 8080 (http)
2017-05-09 15:32:43.480  INFO 88944 --- [  restartedMain] o.apache.catalina.core.StandardService   : Starting service Tomcat
2017-05-09 15:32:43.481  INFO 88944 --- [  restartedMain] org.apache.catalina.core.StandardEngine  : Starting Servlet Engine: Apache Tomcat/8.5.14
2017-05-09 15:32:43.524  INFO 88944 --- [ost-startStop-1] o.a.c.c.C.[Tomcat].[localhost].[/]       : Initializing Spring embedded WebApplicationContext
2017-05-09 15:32:43.525  INFO 88944 --- [ost-startStop-1] o.s.web.context.ContextLoader            : Root WebApplicationContext: initialization completed in 914 ms
Setting up loginRegistrationBean
Setting up restRegistrationBean
2017-05-09 15:32:43.622  INFO 88944 --- [ost-startStop-1] o.s.b.w.servlet.FilterRegistrationBean   : Mapping filter: 'characterEncodingFilter' to: [/*]
2017-05-09 15:32:43.623  INFO 88944 --- [ost-startStop-1] o.s.b.w.servlet.FilterRegistrationBean   : Mapping filter: 'hiddenHttpMethodFilter' to: [/*]
2017-05-09 15:32:43.623  INFO 88944 --- [ost-startStop-1] o.s.b.w.servlet.FilterRegistrationBean   : Mapping filter: 'httpPutFormContentFilter' to: [/*]
2017-05-09 15:32:43.623  INFO 88944 --- [ost-startStop-1] o.s.b.w.servlet.FilterRegistrationBean   : Mapping filter: 'requestContextFilter' to: [/*]
2017-05-09 15:32:43.624  INFO 88944 --- [ost-startStop-1] .s.DelegatingFilterProxyRegistrationBean : Mapping filter: 'springSecurityFilterChain' to: [/*]
2017-05-09 15:32:43.624  INFO 88944 --- [ost-startStop-1] o.s.b.w.servlet.FilterRegistrationBean   : Mapping filter: 'loginFilter' to urls: [/login/*]
2017-05-09 15:32:43.624  INFO 88944 --- [ost-startStop-1] o.s.b.w.servlet.FilterRegistrationBean   : Mapping filter: 'restFilter' to urls: [/rest/*]
2017-05-09 15:32:43.624  INFO 88944 --- [ost-startStop-1] o.s.b.w.servlet.FilterRegistrationBean   : Filter restFilter was not registered (possibly already registered?)
2017-05-09 15:32:43.624  INFO 88944 --- [ost-startStop-1] o.s.b.w.servlet.ServletRegistrationBean  : Mapping servlet: 'dispatcherServlet' to [/]
init /login filter
init /rest/* filter
2017-05-09 15:32:43.830  INFO 88944 --- [  restartedMain] b.a.s.AuthenticationManagerConfiguration : 

Using default security password: b5705a6c-418d-44b1-8ec0-04d1094693f8

2017-05-09 15:32:43.911  INFO 88944 --- [  restartedMain] o.s.s.web.DefaultSecurityFilterChain     : Creating filter chain: org.springframework.security.web.util.matcher.AnyRequestMatcher@1, [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@4494ada7, org.springframework.security.web.context.SecurityContextPersistenceFilter@155437e7, org.springframework.security.web.header.HeaderWriterFilter@1e35a1a1, org.springframework.security.web.authentication.logout.LogoutFilter@5f1a3502, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@2f5ae09c, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@244b340d, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@66f2d458, org.springframework.security.web.session.SessionManagementFilter@76507fe1, org.springframework.security.web.access.ExceptionTranslationFilter@74272ac7, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@3619c72b]
2017-05-09 15:32:43.965  INFO 88944 --- [  restartedMain] s.w.s.m.m.a.RequestMappingHandlerAdapter : Looking for @ControllerAdvice: org.springframework.boot.context.embedded.AnnotationConfigEmbeddedWebApplicationContext@5164cfb9: startup date [Tue May 09 15:32:42 NZST 2017]; root of context hierarchy
2017-05-09 15:32:43.997  INFO 88944 --- [  restartedMain] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/rest/hello],methods=[GET]}" onto public java.lang.String com.hhimanshu.secure.api.HelloWorldService.sayHello()
2017-05-09 15:32:43.998  INFO 88944 --- [  restartedMain] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/login],methods=[POST]}" onto public void com.hhimanshu.secure.api.LoginService.authenticate()
2017-05-09 15:32:43.999  INFO 88944 --- [  restartedMain] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/rest/tweets],methods=[GET]}" onto public java.lang.String com.hhimanshu.secure.api.TweetsService.tweets()
2017-05-09 15:32:44.002  INFO 88944 --- [  restartedMain] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/error]}" onto public org.springframework.http.ResponseEntity<java.util.Map<java.lang.String, java.lang.Object>> org.springframework.boot.autoconfigure.web.BasicErrorController.error(javax.servlet.http.HttpServletRequest)
2017-05-09 15:32:44.003  INFO 88944 --- [  restartedMain] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/error],produces=[text/html]}" onto public org.springframework.web.servlet.ModelAndView org.springframework.boot.autoconfigure.web.BasicErrorController.errorHtml(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)
2017-05-09 15:32:44.022  INFO 88944 --- [  restartedMain] o.s.w.s.handler.SimpleUrlHandlerMapping  : Mapped URL path [/webjars/**] onto handler of type [class org.springframework.web.servlet.resource.ResourceHttpRequestHandler]
2017-05-09 15:32:44.022  INFO 88944 --- [  restartedMain] o.s.w.s.handler.SimpleUrlHandlerMapping  : Mapped URL path [/**] onto handler of type [class org.springframework.web.servlet.resource.ResourceHttpRequestHandler]
2017-05-09 15:32:44.044  INFO 88944 --- [  restartedMain] o.s.w.s.handler.SimpleUrlHandlerMapping  : Mapped URL path [/**/favicon.ico] onto handler of type [class org.springframework.web.servlet.resource.ResourceHttpRequestHandler]
2017-05-09 15:32:44.058  INFO 88944 --- [  restartedMain] oConfiguration$WelcomePageHandlerMapping : Adding welcome page: class path resource [static/index.html]
2017-05-09 15:32:44.117  INFO 88944 --- [  restartedMain] o.s.b.d.a.OptionalLiveReloadServer       : LiveReload server is running on port 35729
2017-05-09 15:32:44.150  INFO 88944 --- [  restartedMain] o.s.j.e.a.AnnotationMBeanExporter        : Registering beans for JMX exposure on startup
2017-05-09 15:32:44.188  INFO 88944 --- [  restartedMain] s.b.c.e.t.TomcatEmbeddedServletContainer : Tomcat started on port(s): 8080 (http)
2017-05-09 15:32:44.192  INFO 88944 --- [  restartedMain] com.hhimanshu.secure.ServerApplication   : Started ServerApplication in 2.112 seconds (JVM running for 2.425)
2017-05-09 15:32:49.114  INFO 88944 --- [nio-8080-exec-1] o.a.c.c.C.[Tomcat].[localhost].[/]       : Initializing Spring FrameworkServlet 'dispatcherServlet'
2017-05-09 15:32:49.114  INFO 88944 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet        : FrameworkServlet 'dispatcherServlet': initialization started
2017-05-09 15:32:49.123  INFO 88944 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet        : FrameworkServlet 'dispatcherServlet': initialization completed in 9 ms
Token Filter pathInfo:/rest/goobar
filtered /login request: eyJhbGciOiJSUzI1NiIsImtpZCI6IjdlM2Q4MDg3NjU1ZWRkMTVjMmU0MjdiODA2ZWQ5MTM1NGRkZGU4ZDUifQ.eyJhenAiOiIyMDU5MzYzNDM3OTQtOWhxMzNnM3VxZHJxa3JycXEyMGZuYTBrMDZjMnU5YnAuYXBwcy5nb29nbGV1c2VyY29udGVudC5jb20iLCJhdWQiOiIyMDU5MzYzNDM3OTQtOWhxMzNnM3VxZHJxa3JycXEyMGZuYTBrMDZjMnU5YnAuYXBwcy5nb29nbGV1c2VyY29udGVudC5jb20iLCJzdWIiOiIxMDAyMTY2OTY4MzI0NzA0MzE1MDciLCJlbWFpbCI6Imhhcml0LnN1YnNjcmlwdGlvbnNAZ21haWwuY29tIiwiZW1haWxfdmVyaWZpZWQiOnRydWUsImF0X2hhc2giOiJ2UHItSWR5MGc2TDlQTzZ0V1UtdFBBIiwiaXNzIjoiYWNjb3VudHMuZ29vZ2xlLmNvbSIsImlhdCI6MTQ5NDI5NjQ3MSwiZXhwIjoxNDk0MzAwMDcxLCJuYW1lIjoiSGFyaXQgSGltYW5zaHUiLCJwaWN0dXJlIjoiaHR0cHM6Ly9saDQuZ29vZ2xldXNlcmNvbnRlbnQuY29tLy1fbFhqMk9VbVRuZy9BQUFBQUFBQUFBSS9BQUFBQUFBQUFDTS9YYU5jMTJadGV5OC9zOTYtYy9waG90by5qcGciLCJnaXZlbl9uYW1lIjoiSGFyaXQiLCJmYW1pbHlfbmFtZSI6IkhpbWFuc2h1IiwibG9jYWxlIjoiZW4ifQ.kU6tkNvfqaWrcj6UhptCHT8_JzP89wM_GdRFeqwgr3mbZCaT_k_lV3TbYbV-m_yBXQcTUe0vmxLYrpF2myJevSczK3jVTHpFM2xdQsN0Vxi9JgLIChpoKBDLQIcFyacOYq2UGXQzOq1atEjqNoXeaPEsKYk9E2coGEJZ0RQmthnJ0GtNMnZlF_djds_yV0LSOjbeWPS2gCGjk__WFsSr8rBWh9xG8hoBBY8E94k4zPVzEgb18UhN3_ghrOV30j7UVGETSkFIaQeL0oJ6KEptY_O-kjCQgdy_Ji0GH7OIQ9bqG4UjgEDUbVqC97X1s5QcHQ19rjE8RbA3sPL2zQT5qw
validating:eyJhbGciOiJSUzI1NiIsImtpZCI6IjdlM2Q4MDg3NjU1ZWRkMTVjMmU0MjdiODA2ZWQ5MTM1NGRkZGU4ZDUifQ.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.kU6tkNvfqaWrcj6UhptCHT8_JzP89wM_GdRFeqwgr3mbZCaT_k_lV3TbYbV-m_yBXQcTUe0vmxLYrpF2myJevSczK3jVTHpFM2xdQsN0Vxi9JgLIChpoKBDLQIcFyacOYq2UGXQzOq1atEjqNoXeaPEsKYk9E2coGEJZ0RQmthnJ0GtNMnZlF_djds_yV0LSOjbeWPS2gCGjk__WFsSr8rBWh9xG8hoBBY8E94k4zPVzEgb18UhN3_ghrOV30j7UVGETSkFIaQeL0oJ6KEptY_O-kjCQgdy_Ji0GH7OIQ9bqG4UjgEDUbVqC97X1s5QcHQ19rjE8RbA3sPL2zQT5qw
Token Filter pathInfo:/rest/tweets
filtered /login request: eyJhbGciOiJSUzI1NiIsImtpZCI6IjdlM2Q4MDg3NjU1ZWRkMTVjMmU0MjdiODA2ZWQ5MTM1NGRkZGU4ZDUifQ.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.kU6tkNvfqaWrcj6UhptCHT8_JzP89wM_GdRFeqwgr3mbZCaT_k_lV3TbYbV-m_yBXQcTUe0vmxLYrpF2myJevSczK3jVTHpFM2xdQsN0Vxi9JgLIChpoKBDLQIcFyacOYq2UGXQzOq1atEjqNoXeaPEsKYk9E2coGEJZ0RQmthnJ0GtNMnZlF_djds_yV0LSOjbeWPS2gCGjk__WFsSr8rBWh9xG8hoBBY8E94k4zPVzEgb18UhN3_ghrOV30j7UVGETSkFIaQeL0oJ6KEptY_O-kjCQgdy_Ji0GH7OIQ9bqG4UjgEDUbVqC97X1s5QcHQ19rjE8RbA3sPL2zQT5q
validating:eyJhbGciOiJSUzI1NiIsImtpZCI6IjdlM2Q4MDg3NjU1ZWRkMTVjMmU0MjdiODA2ZWQ5MTM1NGRkZGU4ZDUifQ.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.kU6tkNvfqaWrcj6UhptCHT8_JzP89wM_GdRFeqwgr3mbZCaT_k_lV3TbYbV-m_yBXQcTUe0vmxLYrpF2myJevSczK3jVTHpFM2xdQsN0Vxi9JgLIChpoKBDLQIcFyacOYq2UGXQzOq1atEjqNoXeaPEsKYk9E2coGEJZ0RQmthnJ0GtNMnZlF_djds_yV0LSOjbeWPS2gCGjk__WFsSr8rBWh9xG8hoBBY8E94k4zPVzEgb18UhN3_ghrOV30j7UVGETSkFIaQeL0oJ6KEptY_O-kjCQgdy_Ji0GH7OIQ9bqG4UjgEDUbVqC97X1s5QcHQ19rjE8RbA3sPL2zQT5q
Token Filter pathInfo:/rest/hello
filtered /login request: eyJhbGciOiJSUzI1NiIsImtpZCI6IjdlM2Q4MDg3NjU1ZWRkMTVjMmU0MjdiODA2ZWQ5MTM1NGRkZGU4ZDUifQ.eyJhenAiOiIyMDU5MzYzNDM3OTQtOWhxMzNnM3VxZHJxa3JycXEyMGZuYTBrMDZjMnU5YnAuYXBwcy5nb29nbGV1c2VyY29udGVudC5jb20iLCJhdWQiOiIyMDU5MzYzNDM3OTQtOWhxMzNnM3VxZHJxa3JycXEyMGZuYTBrMDZjMnU5YnAuYXBwcy5nb29nbGV1c2VyY29udGVudC5jb20iLCJzdWIiOiIxMDAyMTY2OTY4MzI0NzA0MzE1MDciLCJlbWFpbCI6Imhhcml0LnN1YnNjcmlwdGlvbnNAZ21haWwuY29tIiwiZW1haWxfdmVyaWZpZWQiOnRydWUsImF0X2hhc2giOiJ3VU1RcG9DemRfYm9jaEJEMjBlYkhRIiwiaXNzIjoiYWNjb3VudHMuZ29vZ2xlLmNvbSIsImlhdCI6MTQ5NDI3Nzg2NSwiZXhwIjoxNDk0MjgxNDY1LCJuYW1lIjoiSGFyaXQgSGltYW5zaHUiLCJwaWN0dXJlIjoiaHR0cHM6Ly9saDQuZ29vZ2xldXNlcmNvbnRlbnQuY29tLy1fbFhqMk9VbVRuZy9BQUFBQUFBQUFBSS9BQUFBQUFBQUFDTS9YYU5jMTJadGV5OC9zOTYtYy9waG90by5qcGciLCJnaXZlbl9uYW1lIjoiSGFyaXQiLCJmYW1pbHlfbmFtZSI6IkhpbWFuc2h1IiwibG9jYWxlIjoiZW4ifQ.hQSvNFuh7MBNhHjpmAT40xi43Siyz2xF6j1kQ2cvvc-sB-5wDDgHOfKJFzvktYUQrT0Vso-d9Vdq4gmLyfwGBfWEkj1dNNZIn5IE4RWG4gKYrQkT2iDDI_9d1QyqYNPmdgP_RGlszMoL4Le5s1QXMU9p-Uj39-2dIwD2ska-n3ebH7fPv1iBkCOibnbuCtadn5NqTmJ-NtJ5nRhXNyiuK3QNV83g2w17cDnZF_s2pNLHPNWaciuJpqiVOhzS_3l4OL82yYv0O7vKc8wOjwz8B8izyCh-oI3wGe7puFqrsf_Sl2WMKrm4B7pc20x3XuaKgGLdRaIXpwSS8sh8jMHiaA
validating:eyJhbGciOiJSUzI1NiIsImtpZCI6IjdlM2Q4MDg3NjU1ZWRkMTVjMmU0MjdiODA2ZWQ5MTM1NGRkZGU4ZDUifQ.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.hQSvNFuh7MBNhHjpmAT40xi43Siyz2xF6j1kQ2cvvc-sB-5wDDgHOfKJFzvktYUQrT0Vso-d9Vdq4gmLyfwGBfWEkj1dNNZIn5IE4RWG4gKYrQkT2iDDI_9d1QyqYNPmdgP_RGlszMoL4Le5s1QXMU9p-Uj39-2dIwD2ska-n3ebH7fPv1iBkCOibnbuCtadn5NqTmJ-NtJ5nRhXNyiuK3QNV83g2w17cDnZF_s2pNLHPNWaciuJpqiVOhzS_3l4OL82yYv0O7vKc8wOjwz8B8izyCh-oI3wGe7puFqrsf_Sl2WMKrm4B7pc20x3XuaKgGLdRaIXpwSS8sh8jMHiaA
daydreamer
Author by

daydreamer


Updated on June 04, 2022

Comments

  • daydreamer
    daydreamer almost 2 years

    I have 2 filters as

    /**
     * Servlet filter declared for {@code /rest/*}.
     *
     * <p>Asks {@code getUserFromToken} for the user behind the request. Without a user the request
     * is answered with HTTP 401; with a user, {@code addAuthentication} is called on the response
     * and the rest of the chain runs.
     */
    @WebFilter(urlPatterns = "/rest/*")
    public class TokenFilter implements Filter {

      @Override
      public void init(FilterConfig filterConfig) throws ServletException {
        System.out.println("filtering /rest/* requests");
      }

      /**
       * Lets the request through only when a user can be derived from it.
       *
       * @param servletRequest the incoming request; cast to {@code HttpServletRequest}
       * @param servletResponse the outgoing response; cast to {@code HttpServletResponse}
       * @param filterChain the remaining filters, invoked only for requests with a user
       * @throws IOException if the chain or {@code sendError} fails
       * @throws ServletException if the chain fails
       */
      @Override
      public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse,
          FilterChain filterChain) throws IOException, ServletException {
        System.out.println("Matching /rest/* request");

        HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;

        Optional<String> user = getUserFromToken(httpRequest);
        if (user.isPresent()) {
          // Only the resolved user name is printed here, not the token it was derived from.
          System.out.println("filtered /rest request for " + user.get());
          addAuthentication(httpResponse, user.get());
          filterChain.doFilter(servletRequest, httpResponse);
          return;
        }

        // No user could be derived from the request: reject it before any handler runs.
        httpResponse.sendError(HttpStatus.UNAUTHORIZED.value());
      }

      @Override
      public void destroy() {
        // nothing to release
      }
    }
    

    and

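    /**
     * Servlet filter declared for {@code /login}.
     *
     * <p>Reads a Google ID token from the {@code X-ID-TOKEN} request header and hands it to
     * {@code GoogleTokenVerifier.verify}. When verification yields a payload, the filter calls
     * {@code AppTokenProviderAndAuthenticator.addAuthentication} on the response and lets the
     * request continue. In every other case (header missing, verification returning {@code null},
     * or a verification exception) the request ends with HTTP 401.
     */
    @WebFilter(urlPatterns = "/login")
    public class AppLoginFilter implements Filter {

      /** Request header that carries the Google ID token. */
      private static final String ID_TOKEN_HEADER = "X-ID-TOKEN";

      @Override
      public void init(FilterConfig filterConfig) throws ServletException {
        System.out.println("filtering /login/ requests");
      }

      /**
       * Verifies the ID token of a login request and either authenticates it or answers 401.
       *
       * @param servletRequest the incoming request; cast to {@code HttpServletRequest}
       * @param servletResponse the outgoing response; cast to {@code HttpServletResponse}
       * @param filterChain the remaining filters, invoked only after successful verification
       * @throws IOException if the chain or {@code sendError} fails
       * @throws ServletException if the chain fails
       */
      @Override
      public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse,
          FilterChain filterChain) throws IOException, ServletException {
        System.out.println("Matching /login/ request");

        String idToken = ((HttpServletRequest) servletRequest).getHeader(ID_TOKEN_HEADER);
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        // The ID token is a bearer credential and carries personal data: record only whether it
        // was supplied, never its value, so it cannot be recovered from console or log files.
        System.out.println("filtered /login request: " + ID_TOKEN_HEADER + " "
            + (idToken != null ? "present" : "missing"));

        if (idToken != null) {
          try {
            Payload payload = GoogleTokenVerifier.verify(idToken);
            if (payload != null) {
              // TODO: 5/6/17 get this username from DB (createOrGet)
              // NOTE(review): until that lookup exists, every successfully verified Google account
              // is mapped to this one application identity; the verified payload is not used.
              final String username = "myUniqueUser";
              AppTokenProviderAndAuthenticator.addAuthentication(response, username);
              filterChain.doFilter(servletRequest, response);
              return;
            }
          } catch (GeneralSecurityException | InvalidTokenException e) {
            // Not a valid token: fall through to the 401 below. Only the failure type is recorded
            // so rejected logins stay visible without echoing any part of the token.
            System.out.println("rejected /login request: " + e.getClass().getSimpleName());
          }
        }
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
      }

      @Override
      public void destroy() {
        // nothing to release
      }
    }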
    

    and my Application as

    import org.springframework.boot.SpringApplication;
    import org.springframework.boot.autoconfigure.SpringBootApplication;
    import org.springframework.boot.web.servlet.ServletComponentScan;
    
    /**
     * Application entry point.
     *
     * <p>{@code @ServletComponentScan} makes Spring Boot pick up servlet components declared with
     * annotations such as {@code @WebFilter}.
     */
    @ServletComponentScan
    @SpringBootApplication
    public class ServerApplication {

      /**
       * Boots the Spring application context.
       *
       * @param args command-line arguments, passed to Spring Boot unchanged
       */
      public static void main(String[] args) {
        SpringApplication application = new SpringApplication(ServerApplication.class);
        application.run(args);
      }
    }
    

    When I start my application, I see following in log

     /\\ / ___'_ __ _ _(_)_ __  __ _ \ \ \ \
    ( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
     \\/  ___)| |_)| | | | | || (_| |  ) ) ) )
      '  |____| .__|_| |_|_| |_\__, | / / / /
     =========|_|==============|___/=/_/_/_/
     :: Spring Boot ::        (v1.5.3.RELEASE)
    
    2017-05-09 13:28:40.841  INFO 80936 --- [  restartedMain] com.hhimanshu.secure.ServerApplication   : Starting ServerApplication on HHimanshu-MBR64.local with PID 80936 (/Users/Harit.Himanshu/IdeaProjects/q2/server/target/classes started by Harit.Himanshu in /Users/Harit.Himanshu/IdeaProjects/q2/server)
    2017-05-09 13:28:40.841  INFO 80936 --- [  restartedMain] com.hhimanshu.secure.ServerApplication   : No active profile set, falling back to default profiles: default
    2017-05-09 13:28:40.887  INFO 80936 --- [  restartedMain] ationConfigEmbeddedWebApplicationContext : Refreshing org.springframework.boot.context.embedded.AnnotationConfigEmbeddedWebApplicationContext@4e0339c5: startup date [Tue May 09 13:28:40 NZST 2017]; root of context hierarchy
    2017-05-09 13:28:41.787  INFO 80936 --- [  restartedMain] s.b.c.e.t.TomcatEmbeddedServletContainer : Tomcat initialized with port(s): 8080 (http)
    2017-05-09 13:28:41.793  INFO 80936 --- [  restartedMain] o.apache.catalina.core.StandardService   : Starting service Tomcat
    2017-05-09 13:28:41.794  INFO 80936 --- [  restartedMain] org.apache.catalina.core.StandardEngine  : Starting Servlet Engine: Apache Tomcat/8.5.14
    2017-05-09 13:28:41.838  INFO 80936 --- [ost-startStop-1] o.a.c.c.C.[Tomcat].[localhost].[/]       : Initializing Spring embedded WebApplicationContext
    2017-05-09 13:28:41.838  INFO 80936 --- [ost-startStop-1] o.s.web.context.ContextLoader            : Root WebApplicationContext: initialization completed in 954 ms
    2017-05-09 13:28:41.931  INFO 80936 --- [ost-startStop-1] o.s.b.w.servlet.FilterRegistrationBean   : Mapping filter: 'characterEncodingFilter' to: [/*]
    2017-05-09 13:28:41.931  INFO 80936 --- [ost-startStop-1] o.s.b.w.servlet.FilterRegistrationBean   : Mapping filter: 'hiddenHttpMethodFilter' to: [/*]
    2017-05-09 13:28:41.931  INFO 80936 --- [ost-startStop-1] o.s.b.w.servlet.FilterRegistrationBean   : Mapping filter: 'httpPutFormContentFilter' to: [/*]
    2017-05-09 13:28:41.931  INFO 80936 --- [ost-startStop-1] o.s.b.w.servlet.FilterRegistrationBean   : Mapping filter: 'requestContextFilter' to: [/*]
    2017-05-09 13:28:41.932  INFO 80936 --- [ost-startStop-1] .s.DelegatingFilterProxyRegistrationBean : Mapping filter: 'springSecurityFilterChain' to: [/*]
    2017-05-09 13:28:41.932  INFO 80936 --- [ost-startStop-1] o.s.b.w.servlet.FilterRegistrationBean   : Mapping filter: 'com.hhimanshu.secure.auth.filters.AppLoginFilter' to urls: [/login]
    2017-05-09 13:28:41.932  INFO 80936 --- [ost-startStop-1] o.s.b.w.servlet.FilterRegistrationBean   : Mapping filter: 'com.hhimanshu.secure.auth.filters.TokenFilter' to urls: [/rest/*]
    2017-05-09 13:28:41.932  INFO 80936 --- [ost-startStop-1] o.s.b.w.servlet.ServletRegistrationBean  : Mapping servlet: 'dispatcherServlet' to [/]
    filtering /login/ requests
    filtering /rest/* requests
    2017-05-09 13:28:42.089  INFO 80936 --- [  restartedMain] s.w.s.m.m.a.RequestMappingHandlerAdapter : Looking for @ControllerAdvice: org.springframework.boot.context.embedded.AnnotationConfigEmbeddedWebApplicationContext@4e0339c5: startup date [Tue May 09 13:28:40 NZST 2017]; root of context hierarchy
    2017-05-09 13:28:42.120  INFO 80936 --- [  restartedMain] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/rest/hello],methods=[GET]}" onto public java.lang.String com.hhimanshu.secure.api.HelloWorld.sayHello()
    2017-05-09 13:28:42.120  INFO 80936 --- [  restartedMain] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/login],methods=[POST]}" onto public void com.hhimanshu.secure.api.Login.authenticate()
    2017-05-09 13:28:42.123  INFO 80936 --- [  restartedMain] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/error]}" onto public org.springframework.http.ResponseEntity<java.util.Map<java.lang.String, java.lang.Object>> org.springframework.boot.autoconfigure.web.BasicErrorController.error(javax.servlet.http.HttpServletRequest)
    2017-05-09 13:28:42.123  INFO 80936 --- [  restartedMain] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/error],produces=[text/html]}" onto public org.springframework.web.servlet.ModelAndView org.springframework.boot.autoconfigure.web.BasicErrorController.errorHtml(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)
    2017-05-09 13:28:42.141  INFO 80936 --- [  restartedMain] o.s.w.s.handler.SimpleUrlHandlerMapping  : Mapped URL path [/webjars/**] onto handler of type [class org.springframework.web.servlet.resource.ResourceHttpRequestHandler]
    2017-05-09 13:28:42.142  INFO 80936 --- [  restartedMain] o.s.w.s.handler.SimpleUrlHandlerMapping  : Mapped URL path [/**] onto handler of type [class org.springframework.web.servlet.resource.ResourceHttpRequestHandler]
    2017-05-09 13:28:42.164  INFO 80936 --- [  restartedMain] o.s.w.s.handler.SimpleUrlHandlerMapping  : Mapped URL path [/**/favicon.ico] onto handler of type [class org.springframework.web.servlet.resource.ResourceHttpRequestHandler]
    2017-05-09 13:28:42.175  INFO 80936 --- [  restartedMain] oConfiguration$WelcomePageHandlerMapping : Adding welcome page: class path resource [static/index.html]
    2017-05-09 13:28:42.278  INFO 80936 --- [  restartedMain] b.a.s.AuthenticationManagerConfiguration : 
    
    Using default security password: d1915adb-5af3-48a2-b716-a87141be0fed
    
    2017-05-09 13:28:42.305  INFO 80936 --- [  restartedMain] o.s.s.web.DefaultSecurityFilterChain     : Creating filter chain: OrRequestMatcher [requestMatchers=[Ant [pattern='/css/**'], Ant [pattern='/js/**'], Ant [pattern='/images/**'], Ant [pattern='/webjars/**'], Ant [pattern='/**/favicon.ico'], Ant [pattern='/error']]], []
    2017-05-09 13:28:42.349  INFO 80936 --- [  restartedMain] o.s.s.web.DefaultSecurityFilterChain     : Creating filter chain: OrRequestMatcher [requestMatchers=[Ant [pattern='/**']]], [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@1142b9af, org.springframework.security.web.context.SecurityContextPersistenceFilter@23f70e9, org.springframework.security.web.header.HeaderWriterFilter@476d93e7, org.springframework.security.web.authentication.logout.LogoutFilter@5e7064a4, org.springframework.security.web.authentication.www.BasicAuthenticationFilter@605326d1, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@4a058da6, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@4b32f03e, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@3a8a09e6, org.springframework.security.web.session.SessionManagementFilter@6a816ad4, org.springframework.security.web.access.ExceptionTranslationFilter@2ab3c6b5, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@474d7d8f]
    2017-05-09 13:28:42.389  INFO 80936 --- [  restartedMain] o.s.b.d.a.OptionalLiveReloadServer       : LiveReload server is running on port 35729
    2017-05-09 13:28:42.425  INFO 80936 --- [  restartedMain] o.s.j.e.a.AnnotationMBeanExporter        : Registering beans for JMX exposure on startup
    2017-05-09 13:28:42.464  INFO 80936 --- [  restartedMain] s.b.c.e.t.TomcatEmbeddedServletContainer : Tomcat started on port(s): 8080 (http)
    2017-05-09 13:28:42.468  INFO 80936 --- [  restartedMain] com.hhimanshu.secure.ServerApplication   : Started ServerApplication in 1.779 seconds (JVM running for 2.088)
    2017-05-09 13:28:47.546  INFO 80936 --- [nio-8080-exec-1] o.a.c.c.C.[Tomcat].[localhost].[/]       : Initializing Spring FrameworkServlet 'dispatcherServlet'
    2017-05-09 13:28:47.546  INFO 80936 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet        : FrameworkServlet 'dispatcherServlet': initialization started
    2017-05-09 13:28:47.556  INFO 80936 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet        : FrameworkServlet 'dispatcherServlet': initialization completed in 10 ms
    

    So the beans are registered, however, when I hit the URL

    curl -v -H "Authorization: Bearer eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJteVVuaXF1ZVVzZXIiLCJleHAiOjE0OTUwMDA3NjV9.B4Ax_BIkrW044rwVnN-qvLcT9r0JzP4VCECjExp3yTFqv4STNmEiG4LNBHU-BXjAOSgt9xuLV7LhVXPKLYApbQ" http://localhost:8080/rest/hello
    *   Trying ::1...
    * Connected to localhost (::1) port 8080 (#0)
    > GET /rest/hello HTTP/1.1
    > Host: localhost:8080
    > User-Agent: curl/7.43.0
    > Accept: */*
    > Authorization: Bearer eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJteVVuaXF1ZVVzZXIiLCJleHAiOjE0OTUwMDA3NjV9.B4Ax_BIkrW044rwVnN-qvLcT9r0JzP4VCECjExp3yTFqv4STNmEiG4LNBHU-BXjAOSgt9xuLV7LhVXPKLYApbQ
    >
    < HTTP/1.1 401
    < X-Content-Type-Options: nosniff
    < X-XSS-Protection: 1; mode=block
    < Cache-Control: no-cache, no-store, max-age=0, must-revalidate
    < Pragma: no-cache
    < Expires: 0
    < X-Frame-Options: DENY
    < Strict-Transport-Security: max-age=31536000 ; includeSubDomains
    < WWW-Authenticate: Basic realm="Spring"
    < Content-Type: application/json;charset=UTF-8
    < Transfer-Encoding: chunked
    < Date: Tue, 09 May 2017 01:28:47 GMT
    <
    * Connection #0 to host localhost left intact
    {"timestamp":1494293327580,"status":401,"error":"Unauthorized","message":"Full authentication is required to access this resource","path":"/rest/hello"}
    

    the request is not intercepted by the /rest/* pattern declared in TokenFilter.

    Also, my static resources are filtered behind the authentication (which I do not want)

    ✗ curl -v http://localhost:8080/
    *   Trying ::1...
    * Connected to localhost (::1) port 8080 (#0)
    > GET / HTTP/1.1
    > Host: localhost:8080
    > User-Agent: curl/7.43.0
    > Accept: */*
    >
    < HTTP/1.1 401
    < X-Content-Type-Options: nosniff
    < X-XSS-Protection: 1; mode=block
    < Cache-Control: no-cache, no-store, max-age=0, must-revalidate
    < Pragma: no-cache
    < Expires: 0
    < X-Frame-Options: DENY
    < Strict-Transport-Security: max-age=31536000 ; includeSubDomains
    < WWW-Authenticate: Basic realm="Spring"
    < Content-Type: application/json;charset=UTF-8
    < Transfer-Encoding: chunked
    < Date: Tue, 09 May 2017 01:28:54 GMT
    <
    * Connection #0 to host localhost left intact
    {"timestamp":1494293334189,"status":401,"error":"Unauthorized","message":"Full authentication is required to access this resource","path":"/"}%                                                           ➜  server git:(jwt) ✗
    

    Where did I make the mistake?

  • Soheil Rahsaz
    Soheil Rahsaz about 4 years
    When I do this and deploy it on external tomcat it says: one or more filters failed to start. could you help me?
  • Mohammad Awwaad
    Mohammad Awwaad almost 4 years
    You shouldn't annotate RestFilter with @Component since you are going to register it manually.