Skip to content

Inbuilt Filters Of Spring Security#

Inbuilt Filters Of Spring Security#

  • We can always check the registered filters inside Spring Security with the below configurations.

    • @EnableWebSecurity(debug=true): We need to enable debugging of the security details.
    • Enable logging of the details by adding the below property in application.properties/application.yml.
      application.yml
      1
2
3
      logging:
    level: 
        org.springframework.security.web.FilterChainProxy: DEBUG

  • Below are some of the internal filters of Spring Security that gets executed in the authentication flow.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
Security filter chain: [
  WebAsyncManagerIntegrationFilter
  SecurityContextPersistenceFilter
  HeaderWriterFilter
  CorsFilter
  CsrfFilter
  LogoutFilter
  UsernamePasswordAuthenticationFilter
  DefaultLoginPageGeneratingFilter
  DefaultLogoutPageGeneratingFilter
  BasicAuthenticationFilter
  RequestCacheAwareFilter
  SecurityContextHolderAwareRequestFilter
  AnonymousAuthenticationFilter
  SessionManagementFilter
  ExceptionTranslationFilter
  FilterSecurityInterceptor
]

Example Configuration#

  • So based on the example in section Configure Roles, we will apply configuration for logging filters of spring security.
  • Firstly, let's open the main class in our spring security project and add the annotation @EnableWebSecurity(debug=true) as below
CustomDefaultSpringSecurityApplication.java
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
package com.springboot.security.custom.basic.spring.security;  

import org.springframework.boot.SpringApplication;  
import org.springframework.boot.autoconfigure.SpringBootApplication;  
import org.springframework.data.jpa.repository.config.EnableJpaRepositories;  
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;  

@SpringBootApplication  
@EnableJpaRepositories  
@EnableWebSecurity(debug = true)  
public class CustomDefaultSpringSecurityApplication {  

    public static void main(String[] args) {  
        SpringApplication.run(CustomDefaultSpringSecurityApplication.class, args);  
    }  

}
  • Next, we go to the application.yml and add the configuration as below:
application.yml
1
2
3
logging:  
  level:  
    org.springframework.security.web.FilterChainProxy: DEBUG
  • Now, let's start our spring security application and call an example api to check the log in the IDE.
  • You will see all information about the request that come into your spring security application and list of filters that spring security are using.
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
************************************************************

Request received for GET '/v1/loan':

org.apache.catalina.connector.RequestFacade@328ce6f1

servletPath:/v1/loan
pathInfo:null
headers: 
authorization: Basic aGFuLmRvQGV4YW1wbGUuY29tOjEyMzQ1
user-agent: PostmanRuntime/7.29.2
accept: */*
postman-token: 30aa0e03-868f-4c42-a21c-a5b6c912adfa
host: localhost:8080
accept-encoding: gzip, deflate, br
connection: keep-alive


Security filter chain: [
  WebAsyncManagerIntegrationFilter
  SecurityContextPersistenceFilter
  HeaderWriterFilter
  CorsFilter
  CsrfFilter
  LogoutFilter
  UsernamePasswordAuthenticationFilter
  DefaultLoginPageGeneratingFilter
  DefaultLogoutPageGeneratingFilter
  BasicAuthenticationFilter
  RequestCacheAwareFilter
  SecurityContextHolderAwareRequestFilter
  AnonymousAuthenticationFilter
  SessionManagementFilter
  ExceptionTranslationFilter
  FilterSecurityInterceptor
]


************************************************************

See Also#

References#