I am trying to implement basic stateless authentication with Spring Security by following this article.
The problem I am facing is that my custom filter is not invoked by the infrastructure, even when my SecurityConfig looks almost the same as in the previous link (a bit simpler):

    @Configuration
    @EnableWebMvcSecurity
    @EnableGlobalMethodSecurity(prePostEnabled = true)
    public class SecurityConfig extends WebSecurityConfigurerAdapter {

        @Autowired
        @Qualifier("appAuthenticationProvider")
        private AuthenticationProvider authenticationProvider;

        @Autowired
        @Qualifier("appAuthenticationFilter")
        private AppAuthenticationFilter appAuthenticationFilter;

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .csrf().disable()
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
                .authorizeRequests().anyRequest().authenticated()
                .and()
                .anonymous().disable()
                .exceptionHandling().authenticationEntryPoint(unauthorizedEntryPoint());

            http.addFilterBefore(appAuthenticationFilter, BasicAuthenticationFilter.class);
        }

        @Bean
        public AuthenticationEntryPoint unauthorizedEntryPoint() {
            return (request, response, authException) ->
                    response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        }
    }

I am not posting the code for authenticationProvider and appAuthenticationFilter, since the former works fine (I can log in using the / endpoint entry), and the latter simply implements GenericFilterBean and is not even called.
Any help would be greatly appreciated!