I implemented a custom Spring Security Filter to have a custom Authentication system. This works fine.
To configure my filter I used this config:
@Override
protected void configure(HttpSecurity http) throws Exception {
http.antMatcher("/api/**")
.csrf()
.disable()
.headers()
.frameOptions()
.disable()
.and()
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.authorizeRequests()
.antMatchers("/api/**")
.authenticated().and().addFilterBefore(new MyTokenAuthFilter(), AbstractPreAuthenticatedProcessingFilter.class);
If I try to put a breakpoint into this filter I see that the method doFilterInternal will be called twice for each REST request. Strange.. Any suggestion?
For those who encounter this problem I found the cause:
I declared my custom filter as @Component.
This is not necessary and this will produce a twofold filter registration in my case.