0

I am working on making API in Spring Boot using Spring Security.

I made when there is request for /account/** and /notifications/**, it goes to JwtAuthenticationFilter by configuring it in SecurityFilterChain.

And now I want to add /plan/webhook endpoint and it goes to only RevenueCatAuthenticationFilter without passing other Filters so I can make different authentication logic for /plan/webhook.

But I found it goes to RevenueCatAuthenticationFilter -> JwtAuthenticationFilter. How can I make /plan/webhook pass only RevenueCatAuthenticationFilter?

Thank you in advance.

package com.xxxx.xxxx.config;

import com.xxxx.xxxx.config.filter.JwtAuthenticationFilter;
import com.xxxx.xxxx.config.filter.RevenueCatAuthenticationFilter;
import com.xxxx.xxxx.service.FirebaseService;
import com.xxxx.xxxx.util.JwtTokenUtil;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.AnonymousAuthenticationFilter;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;

@Configuration
@EnableWebSecurity
public class WebSecurityConfig {

    JwtAuthenticationFilter jwtAuthenticationFilter(JwtTokenUtil jwtTokenUtil, FirebaseService firebaseService) {
        return new JwtAuthenticationFilter(jwtTokenUtil, firebaseService);
    }
    RevenueCatAuthenticationFilter revenueCatAuthenticationFilter() {
        return new RevenueCatAuthenticationFilter();
    }

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http, JwtTokenUtil jwtTokenUtil, FirebaseService firebaseService) throws Exception {
        return http
                .httpBasic().disable()
                .csrf().disable()
                .cors().disable()
                .authorizeRequests()
                .antMatchers(
                        "/swagger-resources/**",
                        "/swagger-ui.html",
                        "/swagger-ui/index.html",
                        "/v3/api-docs",
                        "/webjars/**").permitAll()
                .antMatchers("/health/check").permitAll()
                .antMatchers("/notifications/count").permitAll()
                .antMatchers("/plan/webhook").permitAll()
                .anyRequest().authenticated()
                .and()
                .requestMatchers().antMatchers("/plan/webhook").and()
                .addFilterBefore(revenueCatAuthenticationFilter(), BasicAuthenticationFilter.class)
                .requestMatchers().antMatchers("/account/**", "/notifications/**").and()
                .addFilterBefore(jwtAuthenticationFilter(jwtTokenUtil, firebaseService), BasicAuthenticationFilter.class)
                .build();
    }
}

ps)

  • My JwtAuthenticationFilter extends GenericFilter
  • My RecevenuCatAuthenticationFilter extends OncePerRequestFilter.
Serin Heo
  • 11
  • 3

0 Answers0