How to replace UsernamePasswordAuthenticationFilter in Spring Security
Question
Using XML configuration would be like
<custom-filter position="FORM_LOGIN_FILTER" ref="SCAAuthenticationFilter" />.
Without XML would be like:
httpSecurity.addFilter(new SCAAthenticationFilter())
It seems that spring doesn't replace UsernamePasswordAuthenticationFilter , but adds my filter before.
2 answers
solution1
2 2016-08-16 21:42:40
If you take a look to FormLoginConfigurer you will see that the UsernamePasswordAuthenticationFilter is created and inserted to AbstractAuthenticationFilterConfigurer constructor then there it is assigned to final F authFilter so there is no way to replace it in Spring Security 4.1
addFilter() will simply add another filter to filter list
solution2
0 2014-09-11 12:24:36
I'd guess you must have either had <form-login> or had <http auto-config="true"> in your configuration. Unless either of these are present, Spring Security won't add a UsernamePasswordAuthenticationFilter automatically. The URL for submitting the form and the parameter names are all configurable properties of the filter, which your custom version didn't override, hence the difference.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.