
Comments (9)

ddewaele commented on June 9, 2024

What you're seeing here is the top level filter chain that the spring context is building. (All filters that are either registered via a FilterRegistrationBean, or GenericFilterBeans).

If you want to make use of Spring Security features, I think it's best to make sure your filter is hooked into the springSecurityFilterChain. To do that you make sure Spring doesn't register it automatically, and you create a new security config (via a WebSecurityConfigurer) to hook your filter in the spring security filter before or after an existing filter.

It is also mentioned here: https://spring.io/guides/topicals/spring-security-architecture/

The fact that all filters internal to Spring Security are unknown to the container is important, especially in a Spring Boot application, where all @Beans of type Filter are registered automatically with the container by default. So if you want to add a custom filter to the security chain, you need to either not make it a @Bean or wrap it in a FilterRegistrationBean that explicitly disables the container registration.

from ixortalk.aws.cognito.jwt.security.filter.

xanscale commented on June 9, 2024

In this way I need to register manually with addFilterBefore? With only your bean I receive:

2018-07-27 14:23:42.834  INFO 18245 --- [ost-startStop-1] o.s.boot.web.servlet.RegistrationBean    : Filter awsCognitoJwtAuthenticationFilter was not registered (disabled)
2018-07-27 14:23:42.839  INFO 18245 --- [ost-startStop-1] o.s.b.w.servlet.FilterRegistrationBean   : Mapping filter: 'characterEncodingFilter' to: [/*]
2018-07-27 14:23:42.840  INFO 18245 --- [ost-startStop-1] o.s.boot.web.servlet.RegistrationBean    : Filter myHlJwtAuthenticationFilter was not registered (disabled)
2018-07-27 14:23:42.840  INFO 18245 --- [ost-startStop-1] o.s.b.w.servlet.FilterRegistrationBean   : Mapping filter: 'hiddenHttpMethodFilter' to: [/*]
2018-07-27 14:23:42.840  INFO 18245 --- [ost-startStop-1] o.s.b.w.servlet.FilterRegistrationBean   : Mapping filter: 'httpPutFormContentFilter' to: [/*]
2018-07-27 14:23:42.840  INFO 18245 --- [ost-startStop-1] o.s.b.w.servlet.FilterRegistrationBean   : Mapping filter: 'requestContextFilter' to: [/*]
2018-07-27 14:23:42.841  INFO 18245 --- [ost-startStop-1] .s.DelegatingFilterProxyRegistrationBean : Mapping filter: 'springSecurityFilterChain' to: [/*]
2018-07-27 14:23:42.841  INFO 18245 --- [ost-startStop-1] o.s.b.w.servlet.FilterRegistrationBean   : Mapping filter: 'httpTraceFilter' to: [/*]
2018-07-27 14:23:42.841  INFO 18245 --- [ost-startStop-1] o.s.b.w.servlet.FilterRegistrationBean   : Mapping filter: 'webMvcMetricsFilter' to: [/*]
2018-07-27 14:23:42.841  INFO 18245 --- [ost-startStop-1] o.s.b.w.servlet.FilterRegistrationBean   : Mapping filter: 'requestLoggingFilter' to: [/*]

xanscale commented on June 9, 2024

With this configuration everything works fine, but I don't know if this is the correct way:

@Configuration
public class HcaWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
	@Autowired
	private AwsCognitoJwtAuthenticationFilter awsCognitoJwtAuthenticationFilter;

	@Autowired
	private HcaAuthenticationEntryPoint hcaAuthenticationEntryPoint;

	@Override
	protected void configure(HttpSecurity http) throws Exception {
		http.cors().and().authorizeRequests().anyRequest().authenticated().and()
				.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
				.exceptionHandling().authenticationEntryPoint(hcaAuthenticationEntryPoint).and()
				.addFilterBefore(awsCognitoJwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class)
				.addFilterBefore(new MyHlJwtAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class)
		;
	}

	@Bean
	public FilterRegistrationBean unregister(AwsCognitoJwtAuthenticationFilter awsCognitoJwtAuthenticationFilter) {
		FilterRegistrationBean registration = new FilterRegistrationBean<>(awsCognitoJwtAuthenticationFilter);
		registration.setEnabled(false);
		return registration;
	}
}

ddewaele commented on June 9, 2024

Looks ok to me .. I'm probably going to disable the filter registration by default in the auto config of this library so you don't have to do it in code anymore. That will solve this ticket and if the config above works for you we can also close issue #12

xanscale commented on June 9, 2024

"disable the filter registration by default" I think is the correct choice.

I have a question about:

.addFilterBefore(awsCognitoJwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class)
.addFilterBefore(new MyHlJwtAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class)

I put the AWS and custom filters before UsernamePasswordAuthenticationFilter, but the order is not clear; it actually works correctly, but I fear that is a coincidence.

I need my custom filter chained after Cognito; is this the correct way? I don't want a future version of Spring to change something internal and my code to stop working.
I tried something like this, but Spring does not start:

.addFilterBefore(awsCognitoJwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class)
.addFilterBefore(new MyHlJwtAuthenticationFilter(), AwsCognitoJwtAuthenticationFilter.class)

ddewaele commented on June 9, 2024

Yes, misread your original config ... that indeed didn't make the order explicit.
Your last snippet should work ... what is the error you are getting?

xanscale commented on June 9, 2024

Sorry, it seems something was wrong before; now it works.

I just receive 2 invocations per filter:

@Configuration
public class HcaWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
	@Autowired
	private AwsCognitoJwtAuthenticationFilter awsCognitoJwtAuthenticationFilter;
	@Autowired
	private MyHlJwtAuthenticationFilter myHlJwtAuthenticationFilter;
	@Autowired
	private HcaAuthenticationEntryPoint hcaAuthenticationEntryPoint;

	@Override
	protected void configure(HttpSecurity http) throws Exception {
		http.cors();
		http.authorizeRequests().anyRequest().authenticated();
		http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
		http.exceptionHandling().authenticationEntryPoint(hcaAuthenticationEntryPoint);
		http.addFilterBefore(myHlJwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
		http.addFilterBefore(awsCognitoJwtAuthenticationFilter, MyHlJwtAuthenticationFilter.class);
	}

	@Bean
	public FilterRegistrationBean awsBean(AwsCognitoJwtAuthenticationFilter awsCognitoJwtAuthenticationFilter) {
		FilterRegistrationBean registration = new FilterRegistrationBean<>(awsCognitoJwtAuthenticationFilter);
		registration.setEnabled(false);
		return registration;
	}

	@Bean
	public FilterRegistrationBean myhlBean(MyHlJwtAuthenticationFilter myHlJwtAuthenticationFilter) {
		FilterRegistrationBean registration = new FilterRegistrationBean<>(myHlJwtAuthenticationFilter);
		registration.setEnabled(false);
		return registration;
	}
}
@Component
public class MyHlJwtAuthenticationFilter extends GenericFilterBean {}
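
The ordering concern raised in this thread can be checked at startup or in an integration test instead of being trusted to coincidence. The helper below is an added example, not part of the thread or of the library: `FilterChainOrderCheck` and `assertOrder` are hypothetical names, filters are matched by simple class name so no package of the page's classes has to be assumed, and the `javax.servlet` API of the Spring Boot 2 setup shown above is assumed.

```java
import java.util.List;
import java.util.stream.Collectors;
import javax.servlet.Filter;
import org.springframework.security.web.FilterChainProxy;
import org.springframework.security.web.SecurityFilterChain;

/** Hypothetical helper: checks filter order inside springSecurityFilterChain. */
public final class FilterChainOrderCheck {

    private FilterChainOrderCheck() {
    }

    /**
     * Fails unless, in every security filter chain, the filter whose simple class
     * name is {@code first} occurs exactly once and before {@code second}.
     */
    public static void assertOrder(Filter springSecurityFilterChain, String first, String second) {
        if (!(springSecurityFilterChain instanceof FilterChainProxy)) {
            // Happens, for example, when the chain is wrapped by another filter.
            throw new IllegalStateException("Not a FilterChainProxy: "
                    + springSecurityFilterChain.getClass().getName());
        }
        FilterChainProxy proxy = (FilterChainProxy) springSecurityFilterChain;
        for (SecurityFilterChain chain : proxy.getFilterChains()) {
            // Note: a proxied filter would report a different simple name.
            List<String> names = chain.getFilters().stream()
                    .map(f -> f.getClass().getSimpleName())
                    .collect(Collectors.toList());
            requireOnce(names, first);
            requireOnce(names, second);
            if (names.indexOf(first) > names.indexOf(second)) {
                throw new IllegalStateException(first + " runs after " + second + ": " + names);
            }
        }
    }

    private static void requireOnce(List<String> names, String name) {
        long count = names.stream().filter(name::equals).count();
        if (count != 1) {
            throw new IllegalStateException(name + " occurs " + count
                    + " time(s) in the security chain: " + names);
        }
    }
}
```

In a `@SpringBootTest`, inject the bean with `@Autowired @Qualifier("springSecurityFilterChain") Filter chain` and call `FilterChainOrderCheck.assertOrder(chain, "AwsCognitoJwtAuthenticationFilter", "MyHlJwtAuthenticationFilter")`.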

xanscale commented on June 9, 2024

@ddewaele also, with only your filter using FilterRegistrationBean (enabled false) and addFilterBefore, I receive 2 invocations.

Another question: are you sure about extending GenericFilterBean and not AbstractAuthenticationProcessingFilter?

xanscale commented on June 9, 2024

@ddewaele can you make a version without auto-registration and read my pull request about a little fix?
