Announcement Announcement Module
Collapse
No announcement yet.
Basic Question regarding FilterChainProxy Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Basic Question regarding FilterChainProxy

    Hi,

    Ive been reading through the spring security docs (halfway so far) as I intend to introduce spring security into an existing application that is using rest services and oauth. The current application was using jersey and had an authentication filter on each controller.

    I am confused reading the section on 8.2 FilterChainProxy and using the example:

    Code:
    <bean id="filterChainProxy" class="org.springframework.security.web.FilterChainProxy">
      <constructor-arg>
        <list>
          <sec:filter-chain pattern="/restful/**" filters="
               securityContextPersistenceFilterWithASCFalse,
               basicAuthenticationFilter,
               exceptionTranslationFilter,
               filterSecurityInterceptor" />
          <sec:filter-chain pattern="/**" filters="
               securityContextPersistenceFilterWithASCTrue,
               formLoginFilter,
               exceptionTranslationFilter,
               filterSecurityInterceptor" />
        </list>
      </constructor-arg>
    </bean>
    As my application is using rest it would make sense that I use securityContextPersistenceFilterWithASCFalse (example above) so I dont create a wasteful HttpSessions.

    Is it then ok to pick and choose what filters I need providing they are in the correct order? And using the approach above I have to explicitly define the bean declarations of the filters in the xml config.

    So what im getting at is that do I have to declare the bean "exceptionTranslationFilter" for example in the xml, even though I dont intend on changing the way it works?

    Thanks in advance
Working...
X