9 Implementing filters

 

This chapter covers

  • Working with the filter chain

  • Defining custom filters

  • Using Spring Security classes that implement the Filter interface

In Spring Security, HTTP filters delegate the different responsibilities that apply to an HTTP request. In chapters 3 through 5, where we discussed HTTP Basic authentication and authorization architecture, I often referred to filters. You learned about a component we named the authentication filter, which delegates the authentication responsibility to the authentication manager. You learned as well that a certain filter takes care of authorization configuration after successful authentication. In Spring Security, in general, HTTP filters manage each responsibility that must be applied to the request. The filters form a chain of responsibilities. A filter receives a request, executes its logic, and eventually delegates the request to the next filter in the chain (figure 9.1).

Figure 9.1 The filter chain receives the request. Each filter uses a manager to apply specific logic to the request and, eventually, delegates the request further along the chain to the next filter.

9.1 Implementing filters in the Spring Security architecture

9.2 Adding a filter before an existing one in the chain

9.3 Adding a filter after an existing one in the chain

9.4 Adding a filter at the location of another in the chain

9.5 Filter implementations provided by Spring Security

Summary

sitemap