A web.xml makes registering the order of an application's filters obvious/explicit. But, I'm using Java Config. I define a filter, MyProcessingFilter.java, which extends AbstractAuthenticationProcessingFilter. In the filter chain, I need to make sure that it comes after Spring Security's SecurityContextPersistenceFilter. See essential Spring Security filter ordering.
I'm using Spring Boot. This is how I declare my filter
@Configuration
public class Config {
/*...*/
@Bean
public Filter myProcessingFilter() {
MyProcessingFilter myProcessingFilter = new MyProcessingFilter(AnyRequestMatcher.INSTANCE);
myProcessingFilter.setAuthenticationManager(authenticationManager());
return myProcessingFilter;
}
}
Spring Boot orders this custom filter first.
Basically, I have a custom authentication filter and I need it to come after Spring Security's SecurityContextPersistenceFilter. Any suggestions?
