Configuring a security filter for incoming requests

When implementing security in a web application, it is better to validate all of the incoming requests. In Spring Security, the framework itself looks at the incoming request and authenticates the user to perform an action, based on the provided access. To intercept all of the incoming requests to a web application, we need to configure filter, DelegatingFilterProxy, which will delegate the requests to a Spring-managed bean, FilterChainProxy:

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>
        org.springframework.web.filter.DelegatingFilterProxy
    </filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

Based on the filter configuration, all of the requests will go through this filter. Now, let's configure security-related stuff, like authentication, URL security, and role access.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset