I am developing an application with Spring Boot + spring security. For the same i have defined a filter as.
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable()
.authorizeRequests()
.antMatchers("/authtoken").permitAll()
.antMatchers("/authenticate**").permitAll()
.antMatchers("/authfailure").permitAll()
.antMatchers("/**").authenticated()
.and()
.addFilterBefore(tokenFilter, UsernamePasswordAuthenticationFilter.class)
.addFilterAfter(accessFilter, UsernamePasswordAuthenticationFilter.class)
.authenticationProvider(tokenAuthenticationProvider)
.antMatcher("/**").exceptionHandling().authenticationEntryPoint(authenticationEntryPoint);
}
Where tokenFilter is an instance of AuthTokenFilter(class that has code for authentication and is injected to using @inject) .
AuthTokenFilter implements methods of Filter interface as.
public class AuthTokenFilter implements Filter {
ServletContext sc ;
@Override
public void init(FilterConfig fc) throws ServletException {
sc = fc.getServletContext();
}
@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain fc) throws IOException, ServletException {
-------
-------
}
My issue is when I run the app using SpringBoot , it runs fine. But when I create a war out of it and run the same in a tomcat, neither the init nor the doFilter are invoked for the request. Hence it returns unauthorized.
Same happens for accessFilter.
Does anyone know the reason behind this behavior? or What changes I need to make to get my app working on tomcat?
What Tomcat version you use?
I am not sure, but try this:
In declaration of class AuthTokenFilter, add the anotation @Component
I have one project with filter and only write:
@Component
@Order(Ordered.HIGHEST_PRECEDENCE)
public class SimpleCORSFilter implements Filter ...
.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.