Page tree
Skip to end of metadata
Go to start of metadata

Your Rating: Results: 1 Star2 Star3 Star4 Star5 Star 101 rates

The Spring Security filter (actually its a whole filter chain) is configured in the root WebApplicationContext. In web.xml you have a DelegatingFilterProxy that finds the filter in the context and delegates all requests to it.

Note that Magnolia invalidates the session when logging into AdminCentral.

Alternative 1: Configure the filter in web.xml

With Magnolia and Blossom you do it the same way, except instead of using DelegatingFilterProxy you use InstallationAwareDelegatingFilterProxy. It will defer looking up the filter in the context until magnolia has installed/updated and your module have created the root WebApplicationContext.

Configure the delegating filter like this:


Alternative 2: Configure the filter in the Magnolia filter chain

It's also possible to add it to the filter chain if you want to centralize everything in your module and keep web.xml clean. Use info.magnolia.cms.filters.FilterDecorator for this.

You'll want to make sure its placed early in the chain. You should also make sure that the filter chain isnt bypassed for any requests that you want Spring Security to filter.

1 Comment

  1. What is the purpose of adding the spring security filter, if magnolia security and spring security don't share the same security context?