AbstractAuthenticationProcessingFilter: doFilter gets hit, but `attemptAuthentication` is not
I have the following definition filter
:
@Component
public class JWTAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
@Autowired
private UserDetailsService customUserDetailsService;
@Autowired
private AuthenticationManager authenticationManager;
private static Logger logger = LoggerFactory.getLogger(JWTAuthenticationFilter.class);
private final static UrlPathHelper urlPathHelper = new UrlPathHelper();
public JWTAuthenticationFilter() {
super("/**"); // what should I pass here ?
setAuthenticationManager(new NoOpAuthenticationManager());
}
@Override
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException, IOException, ServletException {
Authentication authentication = AuthenticationService.getAuthentication((HttpServletRequest) request, customUserDetailsService);
return authentication;
}
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException, ServletException {
filterChain.doFilter(request, response);
}
@Override
protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response,FilterChain chain, Authentication authentication) throws IOException, ServletException {
super.successfulAuthentication(request, response, chain, authentication);
logger.debug("successful authentication while attempting to access " + urlPathHelper.getPathWithinApplication((HttpServletRequest) request));
}
@Override
protected void unsuccessfulAuthentication(HttpServletRequest request,
HttpServletResponse response, AuthenticationException failed)
throws IOException, ServletException {
logger.debug("failed authentication while attempting to access " + urlPathHelper.getPathWithinApplication((HttpServletRequest) request));
}
}
and the following two methods configure
in web config for my Spring security:
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.csrf().disable()
.authorizeRequests()
.anyRequest().authenticated()
.and()
.addFilterBefore(jwtAuthenticationFilter,
UsernamePasswordAuthenticationFilter.class);
}
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring()
.antMatchers("/login**", "/signup**");
}
There are a couple of problems with this code:
- I don't want the filter to exit when calls are made to endpoints
/login
and/signup
, butdoFilter
still gets hit even when these two endpoints are called. -
attemptAuthentication
,successfulAuthentication
andunsuccessfulAuthentication
do not fall, butdoFilter
does. What for? why are these methods not called?
What's going on here? and why?
+2
source to share
1 answer
Try this (but not tested!):
public class JWTAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
@Autowired
private UserDetailsService customUserDetailsService;
@Autowired
private AuthenticationManager authenticationManager;
private static Logger logger = LoggerFactory.getLogger(JWTAuthenticationFilter.class);
private final static UrlPathHelper urlPathHelper = new UrlPathHelper();
public JWTAuthenticationFilter() {
super("/**"); // what should I pass here ?
setAuthenticationManager(new NoOpAuthenticationManager());
}
@Override
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException, IOException, ServletException {
Authentication authentication = AuthenticationService.getAuthentication((HttpServletRequest) request, customUserDetailsService);
return authentication;
}
@Override
protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response,FilterChain chain, Authentication authentication) throws IOException, ServletException {
super.successfulAuthentication(request, response, chain, authentication);
logger.debug("successful authentication while attempting to access " + urlPathHelper.getPathWithinApplication((HttpServletRequest) request));
}
@Override
protected void unsuccessfulAuthentication(HttpServletRequest request,
HttpServletResponse response, AuthenticationException failed)
throws IOException, ServletException {
logger.debug("failed authentication while attempting to access " + urlPathHelper.getPathWithinApplication((HttpServletRequest) request));
}
}
In the config file:
@Bean("jwtAuthenticationFilter")
public LoginRequestFilter jwtAuthenticationFilter(){
LoginRequestFilter filter = new LoginRequestFilter();
filter.setAuthenticationManager(authenticationManager);
filter.setAuthenticationSuccessHandler(successHandler);
filter.setAuthenticationFailureHandler(failureHandler);
//filter.setAuthenticationFailureHandler(failureHandler);
return filter;
}
and add this also
http.authorizeRequests().and()
.addFilterAt(jwtAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
0
source to share