9 Implementing filters
This chapter covers
- Working with the filter chain.
- Defining custom filters.
- Using classes provided by Spring Security that implement the Filter interface.
In Spring Security, the HTTP filters delegate the different responsibilities that apply to an HTTP request. In chapters 3 through 5, where we discussed the HTTP Basic authentication and authorization architecture, I’ve often referred to filters. You learned that there is a component we named authentication filter, which delegates the authentication responsibility to the authentication manager. You learned as well that a certain filter takes care of the authorization configuration after successful authentication. In general, in Spring Security, the HTTP filters manage each responsibility that must be applied to the request. The filters form a chain of responsibilities. A filter receives the request, executes its logic, and eventually delegates the request to the next filter in the chain (figure 9.1).