Spring security filter not firing up

Question

My authentication filters are not firing up under request.

I have 2 security configurations, one for the login endpoint only, authenticating with the Authentic

Answer 1

Your filters extend UsernamePasswordAuthenticationFilter and this filter by default is only applied for URL /login, see UsernamePasswordAuthenticationFilter:

This filter by default responds to the URL /login.

If you want to change the default to another URL, see AbstractAuthenticationProcessingFilter#setFilterProcessesUrl:

Sets the URL that determines if authentication is required

Your modified code:

public AuthenticationFromCredentialsFilter authenticationFromCredentialsFilter() throws Exception {
    AuthenticationFromCredentialsFilter authenticationFromCredentialsFilter = new AuthenticationFromCredentialsFilter();
    authenticationFromCredentialsFilter.setAuthenticationManager(authenticationManagerBean());
    authenticationFromCredentialsFilter.setFilterProcessesUrl("/api/users/login");
    return authenticationFromCredentialsFilter;
}

If you want to use a pattern, see AbstractAuthenticationProcessingFilter:

This filter will intercept a request and attempt to perform authentication from that request if the request matches the setRequiresAuthenticationRequestMatcher(RequestMatcher).

Your modified code:

public AuthenticationFromTokenFilter authenticationFromTokenFilter() throws Exception {
    AuthenticationFromTokenFilter authenticationFromTokenFilter= new AuthenticationFromTokenFilter();
    authenticationFromTokenFilter.setAuthenticationManager(authenticationManagerBean());
    authenticationFromTokenFilter.setRequiresAuthenticationRequestMatcher(new AntPathRequestMatcher("/api/**");
    return authenticationFromTokenFilter;
}