boudhayan-dev

@Configuration
@EnableWebSecurity(debug=true)
public class MultipleSecurityCofig extends WebSecurityConfigurerAdapter {
	
	@Order(1)
	@Configuration
	public  static class EmployeeConfig extends WebSecurityConfigurerAdapter{

		@Override
		protected void configure(HttpSecurity http) throws Exception {		

boudhayan-dev

public class AuditLogFilter implements Filter {
	
	public static final Logger log = LoggerFactory.getLogger(AuditLogFilter.class);

	@Override
	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
			throws IOException, ServletException {
		log.info("Manager Login Detected at {} ",Instant.now());
		chain.doFilter(request, response);
	}

boudhayan-dev

@Configuration
public class FilterConfiguration {	
	
	@Bean
	public FilterRegistrationBean<DelegatingFilterProxy> getDelegatFilterRegistrationBean(){
		DelegatingFilterProxy delegateFilterProxy = new DelegatingFilterProxy(new LogFilter());
		FilterRegistrationBean<DelegatingFilterProxy> regBean = new FilterRegistrationBean<>(delegateFilterProxy);
		regBean.setOrder(-150);
		regBean.setName("LoggerDelegatingFilterProxy");
		return regBean;

boudhayan-dev

public class LogFilter implements Filter {
	
	public static final Logger log = LoggerFactory.getLogger(LogFilter.class);

	@Override
	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
			throws IOException, ServletException {
		
		HttpServletRequest req = (HttpServletRequest) request;
		MDC.put("LOGID", UUID.randomUUID().toString());

boudhayan-dev

protected void configure(HttpSecurity http) throws Exception {
  this.logger.debug("Using default configure(HttpSecurity). "
      + "If subclassed this will potentially override subclass configure(HttpSecurity).");
  http.authorizeRequests((requests) -> requests.anyRequest().authenticated());
  http.formLogin();
  http.httpBasic();
}

boudhayan-dev

// STEP 1 : Instatiation of the FilterChainProxy Bean
@Bean(name = AbstractSecurityWebApplicationInitializer.DEFAULT_FILTER_NAME)
public Filter springSecurityFilterChain() throws Exception {
  boolean hasConfigurers = this.webSecurityConfigurers != null && !this.webSecurityConfigurers.isEmpty();
  boolean hasFilterChain = !this.securityFilterChains.isEmpty();
  Assert.state(!(hasConfigurers && hasFilterChain),
      "Found WebSecurityConfigurerAdapter as well as SecurityFilterChain. Please select just one.");
  if (!hasConfigurers && !hasFilterChain) {
    WebSecurityConfigurerAdapter adapter = this.objectObjectPostProcessor
        .postProcess(new WebSecurityConfigurerAdapter() {

boudhayan-dev

// 1. FilterChainProxy -> doFilter Method

private void doFilterInternal(ServletRequest request, ServletResponse response, FilterChain chain)
    throws IOException, ServletException {
  FirewalledRequest firewallRequest = this.firewall.getFirewalledRequest((HttpServletRequest) request);
  HttpServletResponse firewallResponse = this.firewall.getFirewalledResponse((HttpServletResponse) response);
  List<Filter> filters = getFilters(firewallRequest);
  if (filters == null || filters.size() == 0) {
    if (logger.isTraceEnabled()) {
      logger.trace(LogMessage.of(() -> "No security for " + requestLine(firewallRequest)));

boudhayan-dev

@Bean(name = AbstractSecurityWebApplicationInitializer.DEFAULT_FILTER_NAME)
public Filter springSecurityFilterChain() throws Exception {
  boolean hasConfigurers = this.webSecurityConfigurers != null && !this.webSecurityConfigurers.isEmpty();
  boolean hasFilterChain = !this.securityFilterChains.isEmpty();
  Assert.state(!(hasConfigurers && hasFilterChain),
      "Found WebSecurityConfigurerAdapter as well as SecurityFilterChain. Please select just one.");
  if (!hasConfigurers && !hasFilterChain) {
    WebSecurityConfigurerAdapter adapter = this.objectObjectPostProcessor
        .postProcess(new WebSecurityConfigurerAdapter() {
        });

boudhayan-dev

@Configuration
@EnableWebSecurity(debug = true)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter{

	@Override
	protected void configure(HttpSecurity http) throws Exception {
		http.sessionManagement().disable();
		http.cors().disable();
		http.csrf().disable();
		http.logout().disable();

boudhayan-dev

@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain)
    throws ServletException, IOException {

  // Lazily initialize the delegate if necessary.
  Filter delegateToUse = this.delegate;
  if (delegateToUse == null) {
    synchronized (this.delegateMonitor) {
      delegateToUse = this.delegate;
      if (delegateToUse == null) {