5

I have two different security configurations for my application. One is OAuth2SecurityConfiguration and the other is LdapSecurityConfiguration. In OAuth2SecurityConfiguration I have the following security configuration with 2 filters:

```java
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
            .csrf().disable()
            .exceptionHandling()
            .authenticationEntryPoint(authenticationEntryPoint)
            .and()
                .authorizeRequests()
                .antMatchers(OAUTH_ENDPOINT).permitAll()
                .anyRequest().authenticated()
            .and()
                .logout()
                .logoutUrl(LOGOUT_ENDPOINT)
                .logoutSuccessUrl("/")
                .addLogoutHandler(oAuthLogoutHandler)
            .and()
                .addFilterAfter(oAuth2ClientContextFilter, ExceptionTranslationFilter.class)
                .addFilterBefore(oAuth2AuthenticationProcessingFilter, FilterSecurityInterceptor.class)
                // anonymous login must be disabled,
                // otherwise an anonymous authentication will be created,
                // and the UserRedirectRequiredException will not be thrown,
                // and the user will not be redirected to the authorization server
                .anonymous().disable();
}
```

LdapSecurityConfiguration security configuration:

```java
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
            .csrf().disable()
            .exceptionHandling()
            .authenticationEntryPoint(restAuthenticationEntryPoint)
            .and()
                .authorizeRequests()
                .antMatchers(AUTH_ENDPOINT).permitAll()
                .anyRequest().authenticated()
            .and()
                .logout()
            .and()
                .addFilterBefore(authenticationFilter, OAuth2ClientContextFilter.class);
}
```

But when the filter chain is initialised I get this error:

```
Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [javax.servlet.Filter]: Factory method 'springSecurityFilterChain' threw exception; nested exception is java.lang.IllegalArgumentException: Cannot register after unregistered Filter class org.springframework.security.oauth2.client.filter.OAuth2ClientContextFilter
    at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:189)
    at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:588)
    ... 36 more
Caused by: java.lang.IllegalArgumentException: Cannot register after unregistered Filter class org.springframework.security.oauth2.client.filter.OAuth2ClientContextFilter
    at org.springframework.security.config.annotation.web.builders.FilterComparator.registerBefore(FilterComparator.java:183)
    at org.springframework.security.config.annotation.web.builders.HttpSecurity.addFilterBefore(HttpSecurity.java:1039)
    at com.company.configuration.LdapSecurityConfiguration.configure(LdapSecurityConfiguration.java:63)
    at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.getHttp(WebSecurityConfigurerAdapter.java:224)
    at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.init(WebSecurityConfigurerAdapter.java:315)
    at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.init(WebSecurityConfigurerAdapter.java:86)
    at com.company.configuration.LdapSecurityConfiguration$$EnhancerBySpringCGLIB$$b4922dd5.init(<generated>)
    at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.init(AbstractConfiguredSecurityBuilder.java:371)
    at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.doBuild(AbstractConfiguredSecurityBuilder.java:325)
    at org.springframework.security.config.annotation.AbstractSecurityBuilder.build(AbstractSecurityBuilder.java:41)
    at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration.springSecurityFilterChain(WebSecurityConfiguration.java:104)
    at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$$EnhancerBySpringCGLIB$$33ca6b4e.CGLIB$springSecurityFilterChain$3(<generated>)
    at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$$EnhancerBySpringCGLIB$$33ca6b4e$$FastClassBySpringCGLIB$$b8c23686.invoke(<generated>)
    at org.springframework.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:228)
    at org.springframework.context.annotation.ConfigurationClassEnhancer$BeanMethodInterceptor.intercept(ConfigurationClassEnhancer.java:358)
    at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$$EnhancerBySpringCGLIB$$33ca6b4e.springSecurityFilterChain(<generated>)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:162)
    ... 37 more
```

2 Answers

0

> How to add filter before my another filter in spring-security?

with addFilterBefore

> Cannot register after unregistered Filter

but only if the one you're trying to add it before is actually there

The problem is you have two separate configurations. You need to make sure they're applied in the correct order (with Ordered or @Order), or just merge them into a single configuration.

Note also that your configurations are trying to configure logout() and exceptionHandling() differently. You can't have it both ways like that.

OrangeDog
  • 1
    I have `@Order(1)` for my `OAuth2SecurityConfiguration` and `@Order(2)` for `LdapSecurityConfiguration`. – Vladislav Chernogorov Jun 20 '17 at 13:33
  • @VladislavChernogorov: The problem is that `OAuth2ClientContextFilter` is not registered in `LdapSecurityConfiguration`, so you cannot add another filter before the non-existing `OAuth2ClientContextFilter`. @OrangeDog's answer is a little bit confusing, because the exception has nothing to do with the order of the configurations. – dur Jun 21 '17 at 08:29
  • It's not registered because the other config hasn't registered it yet, or the configs are otherwise conflicting. It may be the case that @Order has no effect here. – OrangeDog Jun 21 '17 at 08:33
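
The point raised in the comments above, as an added example that is not part of the original thread: each `WebSecurityConfigurerAdapter` builds its own `HttpSecurity` with its own filter registry, so `LdapSecurityConfiguration` has to position its filter relative to a class its own chain knows. The anchor class `UsernamePasswordAuthenticationFilter`, the `/ldap/**` paths, the `@Order(1)` value and the constructor injection are assumptions, not taken from the question.

```java
import javax.servlet.Filter;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

@Configuration
// FilterChainProxy uses the first chain whose matcher accepts the request. The OAuth2
// configuration in the question has no matcher and accepts everything, so this narrower
// chain is assumed to be ordered ahead of it.
@Order(1)
public class LdapSecurityConfiguration extends WebSecurityConfigurerAdapter {

    // Hypothetical paths; the question does not show the real values.
    private static final String LDAP_API = "/ldap/**";
    private static final String AUTH_ENDPOINT = "/ldap/auth";

    private final Filter authenticationFilter;
    private final AuthenticationEntryPoint restAuthenticationEntryPoint;

    public LdapSecurityConfiguration(Filter authenticationFilter,
                                     AuthenticationEntryPoint restAuthenticationEntryPoint) {
        this.authenticationFilter = authenticationFilter;
        this.restAuthenticationEntryPoint = restAuthenticationEntryPoint;
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .antMatcher(LDAP_API) // scope this chain to the LDAP-protected paths
            .csrf().disable()
            .exceptionHandling()
                .authenticationEntryPoint(restAuthenticationEntryPoint)
            .and()
            .authorizeRequests()
                .antMatchers(AUTH_ENDPOINT).permitAll()
                .anyRequest().authenticated()
            .and()
            .logout()
            .and()
            // Anchor on a filter class that Spring Security registers in every chain's
            // ordering table. OAuth2ClientContextFilter is only known to the HttpSecurity
            // that added it, which is why anchoring on it here fails at startup.
            .addFilterBefore(authenticationFilter, UsernamePasswordAuthenticationFilter.class);
    }
}
```
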
-1

This answer helped me: https://stackoverflow.com/a/32227901/1110253. I "wrap" OAuth2AuthenticationProcessingFilter with a custom filter.

SparX