Results 1 to 3 of 3

Thread: FilterChainProxy and Ordered

  1. Sep 11th, 2008, 02:01 PM #1
    BStopp
    BStopp is offline Junior Member
    Join Date
    Apr 2007
    Posts
    19

    Default FilterChainProxy and Ordered

    I know that if you use the <http> element in the Security namespace, the resulting FilterChainProxy will honor the configured order of the plugged in Filter(s).

    However, i defined a FilterChainProxy bean, and the resulting execution order is the order in which they are defined.

    Why isn't my FilterChainProxy honoring the order of the filters as the Ordered interface specifies? Here's my filter chain definition:

    Code:
    <bean id="filterChainProxy" 
            class="org.springframework.security.util.FilterChainProxy">
        <security:filter-chain-map path-type="regex" >
            <security:filter-chain pattern="\A/.*"
                filters="httpSessionContextIntegrationFilter,
                          sessionFixationProtectionFilter,
                          securityConfigurationFilter,
                          logoutFilter,
                          ourSpecialAuthenticationProcessingFilter,
                          anonymousProcessingFilter,
                          exceptionTranslationFilter,
                          filterSecurityInterceptor" />
        </security:filter-chain-map>
    </bean>
    Each one of these filters is either the original filter with some replacement properties (for more fine tuned security) or a filter we defined but which extends from SpringSecurityFilter (and therefore must implement the Ordered interface).

    As you can see, my definition puts the sessionFixationProtectionFilter out of it's proper place. So when i go through the chain, it ends up as being filter 2 of 8, when it should be 6 of 8.

    Can anyone see what i'm doing wrong? Or do I need to post more information?

    Thanks in advance.

    -B
  2. Sep 12th, 2008, 03:37 AM #2
    Luke Taylor
    Luke Taylor is offline Senior Member Acegi Security System TeamSpring Team
    Join Date
    Aug 2004
    Location
    Glasgow, Scotland
    Posts
    3,449

    Default

    It is intended to work this way when configured explicitly. There is no attempt to change the order from what you have specified, which allows you full control over the filter chain.

    Namespace configuration removes the need to know about such details so enforces a standard ordering.
  3. Sep 12th, 2008, 10:16 AM #3
    BStopp
    BStopp is offline Junior Member
    Join Date
    Apr 2007
    Posts
    19

    Default

    Ok, that's kind of what i was figuring. So my next question is:

    Is there ever going to be a way to override each of the filter definitions and still use the <http> namespacing?

    I think there are a few of the filters i've defined that i don't believe you can reconfigure, or if so, am i not seeing the namespacing?

    -B
« Previous Thread | Next Thread »

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules