Spring Security JeeConfigurer is too inflexible, almost unusable

Expected Behavior

It is not posible to configure J2eePreAuthenticatedProcessingFilter further using JeeConfigurer.

Simple things like adding an authenticationFailureHandler force us to basically rewrite everything of what is already handled in JeeConfigurer.getFilter method, making the configurer useless.

It should be a way to get at least a default configured instance of the Filter allowing the developer to replace only the necessary properties instead of a full rewrite.

Current Behavior

JeeConfigurer is too strict and offers no posibility to configure J2eePreAuthenticatedProcessingFilter other than providing a new an manually configured instance.

Context

Comment From: jzheaux

Hi, @dahool, thanks for the report.

It should be a way to get at least a default configured instance of the Filter

You can do this with an object post-processor, like so:

http.jee((jee) -> jee.withObjectPostProcessor(
    new ObjectPostProcessor<J2eePreAuthenticatedProcessingFilter>() {
        @Override
        public <O extends J2eePreAuthenticatedProcessingFilter> O postProcess(O object) {
            object.setAuthenticationFailureHandler(...);
            return object;
        }
    }
);