I'm facing some problems with spring security and spring boot here when adding some custom filters.
In my main class I have:
@ComponentScan
@SpringBootApplication
@ImportResource("/applicationContext.xml")
public class Application {}
Also I removed the "spring-boot-starter-security" (I already tried with this dependency) dependency. I thought the problem was related to some automatic stuff from spring boot with spring security, so I tried to "disable" spring-security started by spring boot and configured security by myself, so I added expliclty the dependencies:
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-acl</artifactId>
<version>3.1.4.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>3.1.4.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>3.1.4.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
<version>3.1.4.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>3.1.4.RELEASE</version>
</dependency>
Then I have a filter which makes a custom authentication:
public class SSOProcessingFilter extends extends GenericFilterBean {}
Then in my applicationContext.xml I created a bean for this filter:
<bean id="ssoAuthenticationFilter" class="com.custom.security.filter.SSOProcessingFilter">
<property name="authenticationManager" ref="authenticationManager"/>
</bean>
My problem happens when I try to remove security from an endpoint, for example:
<security:http pattern="/api/v1/health" security="none"/>
Once I started the application, It invokes the SSOProcessingFilter every time just by declaring the bean in the applicationContext.xml
I need that once a given endpoint is marked to not have security. this SSOProcessingFilter does not execute.
Do you know why spring boot is always executing this filter even for endpoints without security?
Thanks in advance