issue

  • An unexpected error occurred while trying to add custom Filter to Security interception chain.
  • If I inject this custom Filter into the Spring container, it will work, but will not appear on the Security interception chain, and will become a normal global Filter.

Code

-----------------Filter-----------------
@Component
@Slf4j
public class JwtAuthorizationTokenFilter extends OncePerRequestFilter {
    @SuppressWarnings("all")
    @Override
    protected void doFilterInternal(final HttpServletRequest request, final HttpServletResponse response,
            final FilterChain chain) throws ServletException, IOException {
        xxx
        chain.doFilter(request, response);
    }
}
-------------SecurityConfig----------------
@Autowired
JwtAuthorizationTokenFilter jwtFilter;

http.addFilterBefore(jwtFilter, UsernamePasswordAuthenticationFilter.class);
  • For example, the execution order does not meet the expectations of methods such as addFilterBefore, and the static resource filtering set by WebSecurity does not take effect on this custom Filter.

Verification

  • If I delete the injection and change the assembly to the original New object,this problem will be solved.
http.addFilterBefore(new JwtAuthorizationTokenFilter(), UsernamePasswordAuthenticationFilter.class);

P.S.

  • Maybe I was too noob about using SpirngMVC and Security in the wrong way.

Comment From: jzheaux

Thanks for getting in touch, @ButchQiuQiu, but it feels like this is a question that would be better suited to Stack Overflow. As mentioned in the guidelines for contributing, we prefer to use GitHub issues only for bugs and enhancements. Feel free to update this issue with a link to the re-posted question (so that other people can find it) or add more detail if you feel this is a genuine bug.

Briefly, though, the Spring Boot reference explains that it scans the application context for beans of type Filter, adding them as global filters.

Comment From: ButchQiuQiu

Thanks for getting in touch, @ButchQiuQiu, but it feels like this is a question that would be better suited to Stack Overflow. As mentioned in the guidelines for contributing, we prefer to use GitHub issues only for bugs and enhancements. Feel free to update this issue with a link to the re-posted question (so that other people can find it) or add more detail if you feel this is a genuine bug.

Briefly, though, the Spring Boot reference explains that it scans the application context for beans of type Filter, adding them as global filters.

Thinks for your responce.