How to disable the default Spring Security filter chain and define a custom filter chain (PART-5)
Here you will learn:
- How to create a custom filter chain.
- How to inject filters into the custom filter chain.
So now you are going to bypass the default Spring Security filter chain. To do that, you disable it and then define a new filter chain in the Spring application's IoC container.
Define a class to hold the configuration of the new filter chain: `config/SecurityConfig.java`.
Then make this class a configuration class and bypass the default filter chain using these annotations:
`@Configuration` `@EnableWebSecurity`
Then define the filter chain as a bean so that it is injected into the IoC container.
`SecurityFilterChain` is an interface, so to create an object of it we use a class called `HttpSecurity`.

Now the default chain is gone and we haven't defined any custom filters.
But CSRF protection is still enabled in the filter chain by default.
We aren’t using the CSRF token anymore, so let’s disable it.

Now we can call any endpoint without user credentials, even POST methods, because CSRF is disabled.
So at this point the chain is not doing any filtering.
Let's define our first filter.
1- Enable the user credential authentication filter for all requests.

Now, the authentication filter is activated, but you can’t call any endpoint because it asks for credentials. However, we have not defined how this should happen.
To define that, enable the login form or enable request header login.

Change the session creation policy if you want.

With a builder pattern, we can optimize the code.
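
The steps above put together as one chained configuration. This is an added example, not the post's own code: it assumes Spring Security 6.x (lambda DSL), a hypothetical package name, request header login via HTTP Basic, and a `STATELESS` session policy, none of which the post specifies.

```java
package com.example.demo.config; // hypothetical package, adjust to your project

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class SecurityConfig {

    // Registering a SecurityFilterChain bean replaces the default chain.
    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        return http
                // CSRF protection off, as in the post. This fits clients that
                // send credentials explicitly on each request; a browser that
                // re-sends a session cookie automatically needs it left on.
                .csrf(AbstractHttpConfigurer::disable)

                // Step 1: every request must be authenticated.
                .authorizeHttpRequests(auth -> auth.anyRequest().authenticated())

                // Request header login (HTTP Basic). The login form alternative is
                // .formLogin(Customizer.withDefaults()), but it depends on a
                // session, so pair it with the default policy, not STATELESS.
                .httpBasic(Customizer.withDefaults())

                // Assumed policy: no HttpSession is created or used, so the
                // credentials are checked again on every request.
                .sessionManagement(session ->
                        session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))

                // build() returns the SecurityFilterChain that Spring registers.
                .build();
    }
}
```

With this chain a request without an `Authorization` header is rejected with 401, and no `JSESSIONID` cookie is issued after a successful call.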

OK, now you have created your filter chain and added some basic filters.
But we still haven't reached our final destination, which is managing different users and roles. So let's learn about that in the upcoming posts.
Part 6: How to work with different users in spring security using in memory.
Part 4: What is the filter chain of Spring Security?
Part 3: What is CSRF Token in Spring Security?
Part 2: Change spring security default user name and password.