As explained earlier, Spring Security works on servlet filters. There are number of built-in servlet filters that do almost all the necessary functionalities. If needed, Spring Security does provide a mechanism to write your own custom filter and can be plugged in at the right point in the filter chain execution. Create your own filter by extending org.springframework.web.filter.GenericFilterBean
as shown in the following code snippet:
public class NewLogicFilter extends GenericFilterBean { @Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { // Custom logic chain.doFilter(request, response); } }
Once you create your own filter, plug it into the filter chain in the Spring Security configuration file as follows:
@Configuration public class SpringSecurityConfiguration extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity...