What is DelegatingFilterProxy in Spring Security?

This class was originally inspired by Spring Security’s   FilterToBeanProxyclass, written by Ben Alex.
Authors:
Juergen Hoeller, Sam Brannen, Chris Beams
Before we go ahead try to understand the role of DelegatingFilterProxy in Spring Security, we need to go through the basics involved in securing the web application.
When we talk about securing a web application fundamentally we are saying that response should go to requests which are authenticated, else they should not.
In a Java web application, a servlet filter plays the role of intercepting a request and performing some function or intercepting the response and acting on it before it goes back to client.
So to act on a request or response we need to define a Filter in the web.xml, the Servlet Container manages the lifecycle of this filter. But if we want to get the Spring Container  to create the instance of these Filter beans that do the actual filtering, and  use the DI to configure these beans we need the DelegatingFilterProxy.
DelegatingFilterProxy comes to the rescue in this situation,it finds the beans in the spring application context which implements the custom logic and invokes the doFilter() method of this bean as it implements the Filter interface. For example
<filter>
<filter-name>customFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>customFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
You need only a single DelegatingFilterProxy declaration in web.xml but you can have more than one filtering beans chained together in your application context.
Now we can read the class’s documentation
web.xml will usually contain a  DelegatingFilterProxy definition, with the specified filter-name corresponding to a bean name in Spring’s root application context. All calls to the filter proxy will then be delegated to that bean in the Spring context, which is required to implement the standard Servlet Filter interface.


This approach is particularly useful for Filter implementation with complex setup needs, allowing to apply the full Spring bean definition machinery to Filter instances. Alternatively, consider standard Filter setup in combination with looking up service beans from the Spring root application c

Comments

Post a Comment

Popular posts from this blog

Java Interview : Threads

Java came up with multi threading long time back, still the kind of response it invokes when this topic raises its head during interviews is not very encouraging. If you have attended an java interview, a couple of suppose to be very smart guys also know as lead developers will shower you with questions on multi threading, grilling you down to make sure what you are talking about, even asking you to write fork-join snippets to solve hadoop use cases. But if you are hired and you write a piece code using executor framework, you will be seen with suspicion generally reserved for people with casual shoes at cocktail parties. So here is post to start out thinking about threads. So a path of execution in java is known as a thread, appropriately an instance of Thread class. The main method runs in its own thread and starts up the program execution. If you implement the Runnable interface, you can run in a thread of you own. The Runnable interface has a run() method you implement your...
Read more

Spring Framework Interview Notes : Part Two Wiring

Image
The Spring container is the guy responsible to get the train moving when working with the Spring framework.  The dependency magic gets the things working by somehow getting all the stuff up and running. Now somehow we need to indicate to the spring container as to where and how to “wire” these beans. Remember these beans are also known as components. Components combine to form the structure and thus make the functionality. The concept of component scanning or component finding comes into the picture, literally searching the applications to find the beans required to create these beans. @ComponentScan is the annotation used by giving the the base packages where these components are defined using annotation or xml . Spring Framework Interview Wiring You can also use Autowiring with its attributes, which finds the beans by-name or by-type and injects them appropriately. @Component, @ComponentScan, @Autowired, @Named,  @Bean  with requires and quali...
Read more

Card Dealer In Java in Less than 5 minutes

Image
Code: package design; import java.util.Collections; import java.util.Stack; public class CardDealer { private int totalPlayers; private static Stack<Card> deck; CardDealer(int players){ totalPlayers=players; deck =  Deck.getCardDeck(); } public static void main(String[] args) { CardDealer cardDealer = new CardDealer(5); cardDealer.dealCards(); } public void dealCards(){ int cardsToPlayer = deck.size()/totalPlayers; for(int i=0;i<cardsToPlayer;i++){ for(int j=1;j<=totalPlayers;j++){ System.out.println("Player:"+j+ " gets "+deck.pop()); } } } private int getPlayers() { return totalPlayers; } }  class Deck{ static Stack<Card> deck = new Stack<Card>(); static Deck d=null; static { d = new Deck(); } public static Stack<Card> getCardDeck(){ return deck; } private Deck(){ populateDeckWithcards(); shuffle(); } pr...
Read more