Grails Spring安全身份验证提供程序和自定义过滤器

Question

I'm new to the grails language and am using grails 2.5.6 with spring-security-core 2.0.0 plugin at work.

I've defined my provider as this in the config.groovy file:

grails.plugin.springsecurity.providerNames = [
    'myCustomAuthenticationProvider',
    'anonymousAuthenticationProvider',
    'rememberMeAuthenticationProvider'
]

and my filter as:

grails.plugin.springsecurity.filterChain.filterNames = [
    'securityContextPersistenceFilter',
    'myCustomFilter',
    'exceptionTranslationFilter', 
    'anonymousAuthenticationFilter',
    'filterInvocationInterceptor'
]

My resources.groovy file:

myCustomAuthenticationProvider(MyCustomAuthenticationProvider)
myCustomFilter(myCustomFilter)

Both my filter and provider are java classes provided by a jar. The filter extends OncePerRequestFilter and has the AuthenticationManager and AuthenticationEntryPoint injected. My provider implements AuthenticationProvider

The problem is when I put a debug point in my filter to see the AuthenticationManager and see the `AuthenticationProviders that are in it's list, I don't see my custom provider at all. I still see the default spring-security-core plugin providers.

I also don't understand why my custom filter gets initiated even if I remove it from the list of filters. It seems like just defining it in the resources.groovy file is enough for it to get initiated.

Just realized that the reason it gets initiated is because on startup it is being added to the spring container.

Thanks

Answer 1

Figured it out. I ended up not defining the filterNames and in my resources.groovy file I have this:

authenticationProcessingFilter(MyCustomFilter) {
    ...args
}

And the issue with my provider on construction getting the providers doesn't matter. Turns out spring security core doesn't change it until after that.