Nov 22nd, 2010, 10:41 AM
customize / override oauth2 filters
I've seen that it is possible to inject a custom redirectStrategy in most of spring objects that perform redirections, this is great for us but we've seen the OAuth2ClientContextFilter does not allow injection of a custom redirectStrategy instead it calls response.sendRedirect() directly
Since th filter calls response.sendRedirect() i don't think we can inject a custom redirectStrategy (I think I'll create an issue in jira about this) but I will like to know if is there a way to customize the oauth filters in order to override some behaviors (<http> <custom-filter> </http> is not allowing me to override oauth filters).
I've been thinking about creating a BeanPostProcessor to modify the filter chain and set my customized instance of the filter there but i find this pretty ugly.
Is there another way to customize an oauth 2 filter?
Thanks a lot guys
Nov 23rd, 2010, 10:31 AM
I'd encourage you to log a bug that points out the problem with a redirect strategy. We should be able to get that fixed for the next release.
Re: inserting a custom filter: I've never done it, but you could try creating your own bean named "oauth2ClientContextFilter", which might override the default context filter set up by the namespace handling. Let us know if it works!
Nov 23rd, 2010, 11:29 AM
Nov 27th, 2010, 01:43 PM
Thanks for your reply and for creating the issue.
I've tried defining the oauth2ClientContextFilter bean to try to override the standard one as you suggested but it didn't work.
My solution at the moment was to create my custom namespace handler and then I can inject my custom filter with no problem but I'm probably loosing compatibility with future versions.
I'm thinking about modifying the standard bean definition parsers in order to allow a flexible filter customization. If a get to a good solution I'll propose a patch for this.
Thanks for your comments