stackoom
  简体   繁体   中英

Prevent Spring Boot from registering a servlet filter

 原文  2015-02-10 00:18:00       spring/ spring-security/ spring-boot

Question

I have a Spring Boot WebMVC application, and a bean that inherits from AbstractPreAuthenticatedProcessingFilter which I am explicitly adding to a specific spot in the Spring Security filter chain. My Spring Security configuration looks like this:

<http pattern="/rest/**">
  <intercept-url pattern="/**" access="ROLE_USER"/>
  <http-basic/>
  <custom-filter after="BASIC_AUTH_FILTER" ref="preAuthenticationFilter"/>
</http>

<beans:bean id="preAuthenticationFilter" class="a.b.PreAuthenticationFilter">
  <beans:property name="authenticationManager" ref="customAuthenticationManager"/>
</beans:bean>

The security configuration works. The problem is, because the PreAuthenticationFilter class inherits from AbstractPreAuthenticatedProcessingFilter, Spring Boot treats it as a general purpose servlet filter and is adding it to the servlet filter chain for all requests. I don't want this filter to be part of the filter chain for all requests. I only want it to be part of the specific Spring Security filter chain that I've configured. Is there a way to prevent Spring Boot from automatically adding the preAuthenticationFilter bean to the filter chain?

4 answers

solution1
 45 ACCPTED  2015-02-10 09:28:23

By default Spring Boot creates a FilterRegistrationBean for every Filter in the application context for which a FilterRegistrationBean doesn't already exist. This allows you to take control of the registration process, including disabling registration, by declaring your own FilterRegistrationBean for the Filter . For your PreAuthenticationFilter the required configuration would look like this: 

@Bean
public FilterRegistrationBean registration(PreAuthenticationFilter filter) {
    FilterRegistrationBean registration = new FilterRegistrationBean(filter);
    registration.setEnabled(false);
    return registration;
}

You may also be interested in this Spring Boot issue which discusses how to disable the automatic registration of Filter and Servlet beans.

solution2
 6  2015-11-28 02:45:34

If you want to unregister all filters at one time here's my trick: 

public class DefaultFiltersBeanFactoryPostProcessor implements BeanFactoryPostProcessor {

    @Override
    public void postProcessBeanFactory(ConfigurableListableBeanFactory bf)
            throws BeansException {
        DefaultListableBeanFactory beanFactory = (DefaultListableBeanFactory) bf;

        Arrays.stream(beanFactory.getBeanNamesForType(javax.servlet.Filter.class))
                .forEach(name -> {

                    BeanDefinition definition = BeanDefinitionBuilder
                            .genericBeanDefinition(FilterRegistrationBean.class)
                            .setScope(BeanDefinition.SCOPE_SINGLETON)
                            .addConstructorArgReference(name)
                            .addConstructorArgValue(new ServletRegistrationBean[]{})
                            .addPropertyValue("enabled", false)
                            .getBeanDefinition();

                    beanFactory.registerBeanDefinition(name + "FilterRegistrationBean",
                            definition);
                });
    }
}

A bit more about this technique - here .

solution3
 4  2022-02-09 07:23:59

If you need to disable registering 2 filters(like i did), include a name for the bean(so that they do not override):

@Bean(name = "filterRegistrationBean1")
public FilterRegistrationBean<YourFilter1> registration(YourFilter1 f1) {
    FilterRegistrationBean<YourFilter1> registration = new FilterRegistrationBean<>(f1);
    registration.setEnabled(false);
    return registration;
}

@Bean(name = "filterRegistrationBean2")
public FilterRegistrationBean<YourFilter2> registration(YourFilter2 f2) {
    FilterRegistrationBean<YourFilter2> registration = new FilterRegistrationBean<>(f2);
    registration.setEnabled(false);
    return registration;
}

solution4
 0  2022-12-09 11:13:40

I use aop to do that, use around pointcut to joincut your filter, manully invode
filterChain.doFilter(request, response)

@Aspect
@Component
public class AspectDemo {

    @Around(value = "com.xxx.pointcut01()")
    public void around01(ProceedingJoinPoint joinPoint) throws Throwable {
        System.out.println("[Aspect-around01] start");

        ServletRequest request = (ServletRequest)Arrays.asList(
                ((MethodInvocationProceedingJoinPoint) joinPoint).getArgs()
        ).get(0);

        ServletResponse response = (ServletResponse)Arrays.asList(
                ((MethodInvocationProceedingJoinPoint) joinPoint).getArgs()
        ).get(1);


        FilterChain filterChain = (FilterChain)Arrays.asList(
                ((MethodInvocationProceedingJoinPoint) joinPoint).getArgs()
        ).get(2);

        filterChain.doFilter(request, response);

        //do not execute origin doFilter() method
        //joinPoint.proceed();
        System.out.println("[Aspect-around01] end");

    }

}

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Prevent Spring Boot from registering one of Spring Security filter Servlet Filter as Component Spring Boot Add a Servlet Filter in a Spring Boot application Adding a filter to the Servlet configuration in Spring Boot How to Inject Dependencies into a Servlet Filter with Spring Boot Filter Registration Bean? Just upgraded from Spring Boot 2.7.4 to Spring Boot 3.0.0, caused error Caused by: java.lang.NoClassDefFoundError: javax.servlet.Filter javax.servlet.ServletException: Filter execution threw an exception in spring boot No default constructor when adding servlet filter in Spring Boot Spring boot : Unable to load cache item: javax/servlet/Filter Spring-boot: Apply Servlet Filter to all routes except one
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM