views:

25

answers:

1

hi all i am using spring security 3.0.2 and i have one custom filter and its order is last and i want to add another filter after that filter, is the following config right ?

<custom-filter position="LAST" ref="filter1"/>
<custom-filter after="LAST" ref="filter2"/>
A: 

After looking in my own code I noticed that I didn't use the 'ref' attribute, but instead I place this tag inside my bean definition as follow:

<bean id="ntlmFilter" class="org.springframework.security.ntlm.samples.failover.NtlmProcessingFilter">
    <sec:custom-filter position="NTLM_FILTER" />
    <property name="authenticationManager" ref="authenticationManager" />
    <property name="retryOnAuthFailure" value="false" />
    <property name="securityConfiguration" ref="securityConfiguration" />
</bean>

Source: http://github.com/aloiscochard/spring-security-ntlm-samples/blob/master/spring-security-ntlm-samples-failover/src/main/resources/applicationContext-security.xml

Even if it's for spring-security 2, the behavior is the same in version 3.

You can find all possible position in the org.springframework.security.config.http.SecurityFilters enumeration:

http://grepcode.com/file/repo1.maven.org/maven2/org.springframework.security/spring-security-config/3.0.2.RELEASE/org/springframework/security/config/http/SecurityFilters.java

You can use some postition already defined in this enumeration to define in which order your custom filters must be set.

For exemple:

  • one filter before LAST and one at LAST (but not after LAST ! nothing can be after LAST !)
  • or one filter before SWITCH_USER_FILTER and one after.

Don't know where your are placing your tags ? but I like to have them directly inside the filter bean... easier to maintain :-)

Hope that's help !

PS: Since position are based on integer you can perhaps put number instead of enumeration value (be warn to us correct position number, look at the logic inside the SecurityFilters enumeration), not sure if accepted ...

Alois Cochard
i did as you said and i got the following error - cvc-attribute.3: The value 'filter1' of attribute 'after' on element 'custom-filter' is not valid with respect to its type, 'named-security-filter'.
sword101
more description: - cvc-enumeration-valid: Value 'filter1' is not facet-valid with respect to enumeration '[FIRST, CHANNEL_FILTER,....
sword101
oops I gonna look inside my code, seems that my memory was corrupt
Alois Cochard
sorry I was wrong. I edited my response with the correct code !
Alois Cochard
thanks a lot man, that's really helped a lot
sword101