javaspringspring-securityspring-filter

Spring security custom filter called twice for REST Controller


I implemented a custom Spring Security Filter to have a custom Authentication system. This works fine.

To configure my filter I used this config:

@Override
protected void configure(HttpSecurity http) throws Exception {


    http.antMatcher("/api/**")
            .csrf()
            .disable()
            .headers()
            .frameOptions()
            .disable()
            .and()
            .sessionManagement()
            .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and()
            .authorizeRequests()
            .antMatchers("/api/**")
            .authenticated().and().addFilterBefore(new MyTokenAuthFilter(), AbstractPreAuthenticatedProcessingFilter.class);

If I try to put a breakpoint into this filter I see that the method doFilterInternal will be called twice for each REST request. Strange.. Any suggestion?


Solution

  • For those who encounter this problem I found the cause:

    I declared my custom filter as @Component.

    This is not necessary and this will produce a twofold filter registration in my case.