Announcement Announcement Module
No announcement yet.
filter-chains Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • filter-chains

    I have a project where I have to authenticate two different ways. One from a cookie, one from Flex.

    I've got the filter-chain working for the cookie but I'm not sure how flex does it's authentication (I think BASIC). If I remove my filter chains and just do Flex then security works.

    So my question is: What is the default filter chain (I think I found it at and more importantly, what are the default bean definitions for the filters?

    My hope it just to define a chain that is the same as the default chain and then remove pieces till I get it down to just what I need.

    Thing is, I'm having trouble finding the default bean definitions...

  • #2
    This is a good read


    • #3
      Read it before...

      I read that article before and it does give a good overview but it doesn't cover all of the beans (such as BasicAuthenticationFilter).

      It was very helpful for the cookie chain, but it comes up a little short for the rest.

      I wonder if there is something in the jar's that has all the information?



      • #4
        If you start with the HttpConfigurationBuilder (assuming you are using Spr Sec 3), and walk through all the beans it creates, you should have a fairly good idea of all the bits that are involved in the default filter chain. Also, stepping through a full request in a debugger is enormously insightful. This level of detail really wouldn't be documented in the high-level documentation, since most people are unlikely to get to this kind of detail in day-to-day use.

        Hope that helps! Ping back if you have further questions once you start digging...


        • #5
          Another obvious way to view the filter chain is to use a stacktrace - e.g. from the debug log when the initial access to a secured resource fails.

          If you use 3.1, the debug filter (added by using the <debug /> element) will also report the filter stack for each request, or you can directly introspect the FilterChainProxy once it is created.

          The filter stack will vary depending on which features you enable and can also be different for different requests (i.e. there can be multiple filter chains).