Spring security always returns HTTP 403

Question

I have configured a custom Filter that grants a spring authority for every URL other than /login :

public class TokenFilter impleme         


        

Answer 1

UsernamePasswordAuthenticationToken extends AbstractAuthenticationToken, AbstractAuthenticationToken implements Authentication.

Spring security call Authentication's method isAuthenticated() to check whether it should be pass.

So you should call setAuthenticated of UsernamePasswordAuthenticationToken instance and set the argument true.

Like this:

public class TokenFilter implements Filter {
    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
        GrantedAuthority authority = new SimpleGrantedAuthority("myAuthority");
        UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(user, token, Arrays.asList(authority));

        auth.setAuthenticated(true);

        SecurityContextHolder.getContext().setAuthentication(auth);
  }
}