9 Implementing filters

 

This chapter covers

  • Working with the filter chain.
  • Defining custom filters.
  • Using classes provided by Spring Security that implement the Filter interface.

In Spring Security, the HTTP filters delegate the different responsibilities that apply to an HTTP request. In chapters 3 through 5, where we discussed the HTTP Basic authentication and authorization architecture, I’ve often referred to filters. You learned that there is a component we named authentication filter, which delegates the authentication responsibility to the authentication manager. You learned as well that a certain filter takes care of the authorization configuration after successful authentication. In general, in Spring Security, the HTTP filters manage each responsibility that must be applied to the request. The filters form a chain of responsibilities. A filter receives the request, executes its logic, and eventually delegates the request to the next filter in the chain (figure 9.1).

Figure 9.1 The filters chain receives the request. Each filter uses a manager to apply specific logic to the request and, eventually, delegates the request further in the chain to the next filter.

9.1      Implementing filters in the Spring Security architecture

9.2      Adding a filter before an existing one in the chain

9.3      Adding a filter after an existing one in the chain

9.4      Adding a filter at the location of another in the chain

9.5      Filter implementations provided by Spring Security

9.6      Summary

sitemap