Filters In Spring Security

Filters In Authorization And Authentication Flow

• Lot of times we will have situations where we need to perform some house keeping activities during the authentication and authorization flow. Some examples are:
  • Input validation
  • Tracing, Auditing and Reporting
  • Logging of input like IP Address etc.
  • Encryption and Decryption
  • Multi factor authentication using OPT
• All such requirements can be handled using HTTP filters inside Spring Security. Filters are servlet concepts which are leveraged in Spring Security as well.
• We already saw some in built filters of Spring Security framework like Authentication filter, Authorization filter, CSRF filter, CORS filter in previous sections.
• A filter is a component which receives requests, process its logic and handover to the next filter in the chain.
• Spring Security is based on a chain of servlet filters. Each filter has a specific responsibility and depending on the configuration, filters are added or removed. We can add our custom filters as well based on the need.

Understanding And Implementing Filters

• Inbuilt Filters Of Spring Security
• Filters Implementation
• GenericFilterBean And OncePerRequestFilter

See Also

• Spring Security Introduction

References

• Spring Security Zero To Master