身份验证过滤器不适用于SpringBoot

Question

I am developing an application with Spring Boot + spring security. For the same i have defined a filter as.

 @Override
protected void configure(HttpSecurity http) throws Exception {
    http.csrf().disable()
        .authorizeRequests()
        .antMatchers("/authtoken").permitAll()
        .antMatchers("/authenticate**").permitAll()
        .antMatchers("/authfailure").permitAll()
        .antMatchers("/**").authenticated()
        .and()
            .addFilterBefore(tokenFilter, UsernamePasswordAuthenticationFilter.class)
            .addFilterAfter(accessFilter, UsernamePasswordAuthenticationFilter.class)
            .authenticationProvider(tokenAuthenticationProvider)
            .antMatcher("/**").exceptionHandling().authenticationEntryPoint(authenticationEntryPoint);

}

Where tokenFilter is an instance of AuthTokenFilter(class that has code for authentication and is injected to using @inject) .

AuthTokenFilter implements methods of Filter interface as.

 public class AuthTokenFilter implements Filter {
 ServletContext sc ;
 @Override
  public void init(FilterConfig fc) throws ServletException {
    sc = fc.getServletContext();
   }

  @Override
   public void doFilter(ServletRequest req, ServletResponse res, FilterChain  fc) throws IOException, ServletException {
 ------- 
 ------- 
 }

My issue is when I run the app using SpringBoot , it runs fine. But when I create a war out of it and run the same in a tomcat, neither the init nor the doFilter are invoked for the request. Hence it returns unauthorized.

Same happens for accessFilter.

Does anyone know the reason behind this behavior? or What changes I need to make to get my app working on tomcat?

Answer 1

What Tomcat version you use?

I am not sure, but try this:

In declaration of class AuthTokenFilter, add the anotation @Component

I have one project with filter and only write:

@Component
@Order(Ordered.HIGHEST_PRECEDENCE)
public class SimpleCORSFilter implements Filter ...

.