• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
  • Mikalai Zaikin

spring with alternate filter in the filterChainProxy

Ranch Hand
Posts: 287
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I used spring security to do authentication and authorization, alone with some common filters, like authenticationProcessingFilter, and with value setup in the spring security configuration file, like '/' for defaultTargetUrl, '/j_spring_security_check' for filterProcessesUrl. But I would like to provide a url that can be accessed by the third party that is directly accessed from the outside, which means the user from the third party has no need to do authentication again and I need convert some value from there match roles in my application.

If I create another filter to handle this access request from the third party, then how could I setup properly to allow this access bypassing login page? Or, when a user login normally from login page, how to prevent this user not going through filter that does process users from the third party?

I only know I could create a chain of filters in the bean filterChainProxy. But how to setup an alternate filter, or is it possible to run filter based on some condition?
Posts: 17347
Mac IntelliJ IDE Spring
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Yes, you can replace or add filters to the chain.

But based on what you are looking to accomplish, there is a RememberMeService that you can use instead. So the third party could have a cookie on their machine and the cookie has an encrypted user name, and with remember me, it will just lookup the user in your user/roles tables location of data and create a Principal from that automatically. So you don't have to do any customization. In your security configuration like <security:http> tag you use the <remember-me> tag inside it. The <remember-me> tag also has a property to set the RememberMeService if you want to write your own customized RememberMeService rather than the built in one.

Check out Spring Security documentation at www.springframework.org for more information. But it really is simple to use and customize.

The Doc also have how you create your own filter in which you implement the Spring Security Filter interface, then in your Spring Security configuration you add it as a bean and set a property to a Constant value stating where in the chain you want your filter.

Hope that helps point you in the correct directions.

Consider Paul's rocket mass heater.
    Bookmark Topic Watch Topic
  • New Topic