Describe the bug
The initFilterBean method is not executed when a filter is defined within the SecurityFilterChain bean definition.
Spring-boot-parent 2.7.0
Spring-security-web 3.3.10 RELEASE.
Comment From: rwinch
Spring Security does not invoke any lifecycle methods on objects that are instantiated outside of its DSL as it is not aware if the methods have already been invoked.
The method initFilterBean is only used for a Filter registered directly with the servlet container and unnecessary for cases where you are initializing it in Spring. Rather than initializing uidRestClient in the initFilterBean method, I'd suggest injecting the uidRestClient into the AuthorizationFilter instead. For example:
```java
@Bean
DefaultSecurityFilterChain springSecurity(HttpSecurity http, UIDMicroRestClient uidRestClient) throws Exception {
    http
        .addFilterAfter(new AuthorizationFilter(uidRestClient), BasicAuthenticationFilter.class)
        ...
    return http.build();
}

@Bean
UIDMicroRestClient uidRestClient(Environment env) {
    return new UIDMicroRestClient(...);
}
```
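An added example, not part of the original comment or the reporter's code: a sketch of the filter side of this suggestion, where the dependency arrives through the constructor and a missing client fails at startup instead of surfacing as an unset field on the first request. The `UIDMicroRestClient` interface and its `isAuthorized` method are hypothetical stand-ins (the thread does not show the real class), and extending `OncePerRequestFilter` with `javax.servlet` imports is an assumption based on the Spring Boot 2.7 version mentioned.

```java
import java.io.IOException;
import java.util.Objects;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.filter.OncePerRequestFilter;

// Hypothetical stand-in so the example compiles; the real client is the reporter's class.
interface UIDMicroRestClient {
    boolean isAuthorized(String principal, String path); // assumed method
}

public class AuthorizationFilter extends OncePerRequestFilter {

    private final UIDMicroRestClient uidRestClient;

    // The filter is created with `new` inside the SecurityFilterChain bean, so no
    // lifecycle callback (initFilterBean) runs on it. Everything it needs must be
    // supplied here; a null client aborts application startup.
    public AuthorizationFilter(UIDMicroRestClient uidRestClient) {
        this.uidRestClient = Objects.requireNonNull(uidRestClient, "uidRestClient");
    }

    @Override
    protected void doFilterInternal(HttpServletRequest request,
                                    HttpServletResponse response,
                                    FilterChain chain) throws ServletException, IOException {
        // Populated by BasicAuthenticationFilter, which runs before this filter.
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();

        // Fail closed: no authentication or a negative decision ends the request here.
        if (auth == null || !auth.isAuthenticated()
                || !uidRestClient.isAuthorized(auth.getName(), request.getRequestURI())) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        chain.doFilter(request, response);
    }
}
```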
Comment From: asanera
Thank you very much! Sorry for the inconvenience.