-
Notifications
You must be signed in to change notification settings - Fork 5.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
anyExchange().authenticated() causes AuthenticationWebFilter and AuthenticationManager invoke twice #5420
Comments
Are you using Spring Boot? If so any Filter exposed as a Bean is also registered with the servlet container. You might also post more details on how to reproduce this since AuthenticationWebFilter is a custom filter that we cannot review the code for |
|
@rwinch I've prepared sample application for you: SpringSecurityReactiveSample.zip Just run Postman/Curl and make By the way - I'd have very kind request to you: this piece of code is result of me trying to understand Spring Security documentation, so if you notice anything that is not "Spring way" of doing it - please let me know. |
here is my code //@component <---- remove bean //SecurityConfig.java
|
@taerimmk, it works indeed, but why? I think this is not correct behavior |
|
But where it resides if |
I have some problem. Remove |
@rwinch what kind of feedback regarding |
To anyone else who finds their way here because their WebFilter (e.g. AuthenticationWebFilter) is being called twice: Spring Boot automatically registers any filters marked as a I'm only restating here what @rwinch and others have said in an attempt to make the information a bit more available through search engines. |
@jhamberg I'd work with the Spring Boot team on that since it is Spring Boot that adds the |
Summary
I'm trying to authenticate against specific header in request.
My Security config is as follows:
Actual Behavior
Every time I make request to the resource that should be protected, both
AuthenticationWebFilter#filer
andAuthenticationManager#authenticate
are called twice in a row.If I comment out
.anyExchange().authenticated()
- they're called once as expectedExpected Behavior
.anyExchange().authenticated()
should not causeAuthenticationManager#authenticate
to be called twice.Version
5.0.5.RELEASE
The text was updated successfully, but these errors were encountered: