2

I'm developing a Spring Boot application with Spring Security. I'm trying to make my custom authentication filter read some properties from the application.properties file, without success.

I've read this other question, which is similar but in a different context (not related to Spring Security filters). The reason for the failure makes sense to me, but I've tried the way suggested with the DelegatingFilterProxy without success (to be fair, I didn't really get the meaning of the part added to the Application class). The other solution does not fit my case as I don't have any onStartup method to override.

Here is the code I'm using:

```java
public class JWTAuthenticationFilter extends
        AbstractAuthenticationProcessingFilter {

    @Value("${app.jwtSecret}")
    public String SECRET2;

    // ...
}
```

Almost the same code, in a controller class, works fine:

```java
@RestController
@RequestMapping("/api")
@CrossOrigin
@EnableAutoConfiguration
public class UsersController {

    @Value("${app.jwtSecret}")
    public String SECRET2;

    // ...
}
```

But I can't make it work in the filter. I'm using Spring Boot 2.0.3.

Any suggestion? Is the DelegatingFilterProxy the right approach in this situation? In that case, any example/article I could follow?

Thanks, Michele.

UPDATE: to fully answer the first comment, the filter is called by the following class:

```java
@EnableWebSecurity
public class WebSecurity extends WebSecurityConfigurerAdapter {

    @Autowired
    private LdapAuthenticationProvider ldapAuthenticationProvider;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.cors().and().csrf().disable().authorizeRequests()
            .antMatchers(HttpMethod.POST, "/api/secureLogin").permitAll()
            .antMatchers(HttpMethod.GET, "/api").permitAll()
            .antMatchers("/api/**").authenticated()
            .and()
            .addFilterBefore(new JWTAuthenticationFilter(authenticationManager()), UsernamePasswordAuthenticationFilter.class)
            .addFilter(new JWTAuthorizationFilter(authenticationManager()))
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(ldapAuthenticationProvider);
    }

    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }
}
```
Mikyjpeg
  • How are you using `JWTAuthenticationFilter`? – Bhesh Gurung Jun 20 '18 at 16:50
  • it is called by the configure method of a class that extends WebSecurityConfigurerAdapter: `.addFilterBefore(new JWTAuthenticationFilter(authenticationManager()), UsernamePasswordAuthenticationFilter.class)` – Mikyjpeg Jun 20 '18 at 16:52
  • You are instantiating it yourself, so Spring doesn't know about it to apply dependency injection. As a matter of fact, your question is a duplicate of the one you linked, in a way. – Bhesh Gurung Jun 20 '18 at 16:54
  • Check the answer in the link. That's how you solve this. – Bhesh Gurung Jun 20 '18 at 16:57
  • OK... so any suggestion on how I can solve it? The first answer to that question, the one marked as correct, is inapplicable to this filter. I applied the second one with no success. – Mikyjpeg Jun 20 '18 at 16:58
  • Check my answer. It roughly shows you how to do it. – Bhesh Gurung Jun 20 '18 at 17:04

1 Answer

4

No need to use @Value in the filter class:

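```java
public class JWTAuthenticationFilter extends
        AbstractAuthenticationProcessingFilter {

    private String secret;

    // Called by the configuration class, which is where Spring injects the property
    public void setSecret(String secret) {
        this.secret = secret;
    }

    //...
}
```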

But inject the secret in the config class:

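```java
@EnableWebSecurity
public class WebSecurity extends WebSecurityConfigurerAdapter {

    // Resolved here because Spring manages this configuration class
    @Value("${app.jwtSecret}")
    public String secret;

    //...

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        JWTAuthenticationFilter jwtFilter = new JWTAuthenticationFilter(authenticationManager());
        // Hand the injected value to the filter that was created with `new`
        jwtFilter.setSecret(secret);
        //...
    }
}
```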
Bhesh Gurung
  • Now I get it! I was confused by the ServletContextInitializer example. This makes perfect sense. Thanks!! – Mikyjpeg Jun 20 '18 at 17:12
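
An added example, not code from the question or the answer: a stand-alone program showing why `@Value` stays unset on an object created with `new`, and the answer's approach of passing the value in from the Spring-managed configuration class. The names `ValueInjectionDemo`, `TokenFilter` and `SecurityConfig`, the sample property value and the fail-fast check on an empty secret are assumptions made for this illustration; it needs only `spring-context` on the classpath.

```java
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.AnnotationConfigApplicationContext;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.env.MapPropertySource;
import java.util.Collections;

public class ValueInjectionDemo {

    // Hypothetical stand-in for the filter; it is created with `new`, not by Spring.
    static class TokenFilter {
        @Value("${app.jwtSecret}")
        String fieldSecret;   // never populated: Spring does not process this object
        final String secret;  // supplied by the caller instead

        TokenFilter(String secret) {
            // Fail at startup rather than run the filter with a missing secret
            if (secret == null || secret.trim().isEmpty()) {
                throw new IllegalStateException("app.jwtSecret is not configured");
            }
            this.secret = secret;
        }
    }

    @Configuration
    static class SecurityConfig {
        @Value("${app.jwtSecret}")
        String secret;        // populated: this class is a Spring-managed bean

        TokenFilter buildFilter() {
            return new TokenFilter(secret);
        }
    }

    public static void main(String[] args) {
        AnnotationConfigApplicationContext ctx = new AnnotationConfigApplicationContext();
        // Constructed sample value standing in for application.properties
        ctx.getEnvironment().getPropertySources().addFirst(new MapPropertySource("demo",
                Collections.<String, Object>singletonMap("app.jwtSecret", "constructed-demo-secret")));
        ctx.register(SecurityConfig.class);
        ctx.refresh();

        TokenFilter filter = ctx.getBean(SecurityConfig.class).buildFilter();
        // Report only whether each value is present; the secret itself is not printed
        System.out.println("@Value field on the new'd object is null: " + (filter.fieldSecret == null));
        System.out.println("value passed by the config class is set:  " + (filter.secret != null));
        ctx.close();
    }
}
```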