8

Here is the problem: I can successfully register the Filter, but don't know how to set the mapping URL using this specific configuration.

Here is my Class:

public class WebInitializer extends
        AbstractAnnotationConfigDispatcherServletInitializer {

    @Override
    protected Class<?>[] getRootConfigClasses() {
        return new Class<?>[]{AppConfig.class};
    }

    @Override
    protected Class<?>[] getServletConfigClasses() {
        return new Class<?>[]{WebConfig.class};
    }

    @Override
    protected Filter[] getServletFilters() {

        return new Filter[]{
            new DelegatingFilterProxy("springSecurityFilterChain"),
            new DelegatingFilterProxy("customFilter")
        };
    }

    @Override
    protected String[] getServletMappings() {
        return new String[]{"/"};
    }
}

P.D. I had done it using WebApplicationInitializer, but I want to use AbstractAnnotationConfigDispatcherServletInitializer.

Kees de Kooter
  • 7,078
  • 5
  • 38
  • 45
Charlires
  • 863
  • 1
  • 11
  • 30
  • 1
    A `DelegatingFolterProxy`'s purpose is to delegate to a Spring bean which implements the Filter interface, hence the filter mappings have to be in the definition of bean names you are passing as argument to DelegatingFilterProxy. – Anadi Misra Aug 08 '14 at 19:17
  • Can you show me a sample of how to do that? Its not that clear to me. – Charlires Aug 08 '14 at 19:20

2 Answers2

9

The only way I was able to do this was to use the FilterRegistration.Dynamic interface. In your WebInitializer class, add your custom filter manually in the onStartup method (an override from a superclass). There is no way that is more elegant at the moment to my knowledge.

@Override
public void onStartup(ServletContext servletContext)
        throws ServletException {
      FilterRegistration.Dynamic encodingFilter = servletContext.addFilter("my-filter", new MyFilter());
      encodingFilter.setInitParameter("blah", "blah");
      encodingFilter.addMappingForUrlPatterns(null, false, "/toBeFiltered/*");

    super.onStartup(servletContext);
}

If you want this filter to work correctly then it would be best for you to comment out the getServletFilters method you have overridden so that this filter is served back correctly from the servletContext.

dectarin
  • 986
  • 5
  • 15
  • Yeah, me too I was hoping that there was a way to do it without overriting the onStartup method. – Charlires Aug 09 '14 at 03:14
  • 1
    I agree but its not that bad a solution.. at least it can be done without resorting to complete hackery! If you are unhappy with it, you could address it on Spring's jira - https://jira.spring.io/browse/SPR – dectarin Aug 09 '14 at 03:34
  • @dectarin Thanks a lot. I was trying for days to get my characterEncodingFilter to work correctly. The proposed solution to simply use the "getServletFilters" method isn't working in any case. – M46 Jul 16 '18 at 09:38
  • super.onStartup(servletContext); cant be put on that line. – Jeryl Cook Jan 13 '22 at 00:14
-1

For the springSecurityFilterChain, simply add this class to the same package as other configuration classes

@Order(2)
public class MyAppSecureWebAppInitializer extends
    AbstractSecurityWebApplicationInitializer {

  @Override
  protected boolean enableHttpSessionEventPublisher() {
    return true;
  }
}

The AbstractSecurityWebApplicationInitializer (from javadocs)

Registers the DelegatingFilterProxy to use the springSecurityFilterChain before any other registered Filter. When used with AbstractSecurityWebApplicationInitializer(Class), it will also register a ContextLoaderListener. When used with AbstractSecurityWebApplicationInitializer(), this class is typically used in addition to a subclass of AbstractContextLoaderInitializer.

By default the DelegatingFilterProxy is registered without support, but can be enabled by overriding isAsyncSecuritySupported() and getSecurityDispatcherTypes().

Additional configuration before and after the springSecurityFilterChain can be added by overriding afterSpringSecurityFilterChain(ServletContext).

And from the spring security example in Github

@Override
protected Filter[] getServletFilters() {
    CharacterEncodingFilter encodingFilter = new CharacterEncodingFilter();
    encodingFilter.setEncoding("UTF-8");
    encodingFilter.setForceEncoding(true);

    DelegatingFilterProxy reconnectDelegate = new DelegatingFilterProxy("apiExceptionHandler");

    return new Filter[] { reconnectDelegate, encodingFilter, new HiddenHttpMethodFilter() };
}
Anadi Misra
  • 1,925
  • 4
  • 39
  • 68
  • 1
    Thank you for the clarification, but my question is where can I tell the filter when is going to be mapped?, the Url that is going to be filtered, because by default its mapped from "/" as the getServletMappings() method says. – Charlires Aug 08 '14 at 20:31