Boudhayan Dev boudhayan-dev

## MultipleSecurityConfig.java
@Configuration
@EnableWebSecurity(debug=true)
public class MultipleSecurityCofig extends WebSecurityConfigurerAdapter {

	@Order(1)
	@Configuration
	public  static class EmployeeConfig extends WebSecurityConfigurerAdapter{

		@Override
		protected void configure(HttpSecurity http) throws Exception {

## AuditLogFilter.java
public class AuditLogFilter implements Filter {

	public static final Logger log = LoggerFactory.getLogger(AuditLogFilter.class);

	@Override
	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
			throws IOException, ServletException {
		log.info("Manager Login Detected at {} ",Instant.now());
		chain.doFilter(request, response);
	}

## CustomDelegateFilterProxy.java
@Configuration
public class FilterConfiguration {

	@Bean
	public FilterRegistrationBean<DelegatingFilterProxy> getDelegatFilterRegistrationBean(){
		DelegatingFilterProxy delegateFilterProxy = new DelegatingFilterProxy(new LogFilter());
		FilterRegistrationBean<DelegatingFilterProxy> regBean = new FilterRegistrationBean<>(delegateFilterProxy);
		regBean.setOrder(-150);
		regBean.setName("LoggerDelegatingFilterProxy");
		return regBean;

## LogFilter.java
public class LogFilter implements Filter {

	public static final Logger log = LoggerFactory.getLogger(LogFilter.class);

	@Override
	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
			throws IOException, ServletException {

		HttpServletRequest req = (HttpServletRequest) request;
		MDC.put("LOGID", UUID.randomUUID().toString());

## DefaultFilterChain.java
protected void configure(HttpSecurity http) throws Exception {
  this.logger.debug("Using default configure(HttpSecurity). "
      + "If subclassed this will potentially override subclass configure(HttpSecurity).");
  http.authorizeRequests((requests) -> requests.anyRequest().authenticated());
  http.formLogin();
  http.httpBasic();
}

## SecurityFilterChain.java
// STEP 1 : Instatiation of the FilterChainProxy Bean
@Bean(name = AbstractSecurityWebApplicationInitializer.DEFAULT_FILTER_NAME)
public Filter springSecurityFilterChain() throws Exception {
  boolean hasConfigurers = this.webSecurityConfigurers != null && !this.webSecurityConfigurers.isEmpty();
  boolean hasFilterChain = !this.securityFilterChains.isEmpty();
  Assert.state(!(hasConfigurers && hasFilterChain),
      "Found WebSecurityConfigurerAdapter as well as SecurityFilterChain. Please select just one.");
  if (!hasConfigurers && !hasFilterChain) {
    WebSecurityConfigurerAdapter adapter = this.objectObjectPostProcessor
        .postProcess(new WebSecurityConfigurerAdapter() {

## FilterChainProxy.java
// 1. FilterChainProxy -> doFilter Method

private void doFilterInternal(ServletRequest request, ServletResponse response, FilterChain chain)
    throws IOException, ServletException {
  FirewalledRequest firewallRequest = this.firewall.getFirewalledRequest((HttpServletRequest) request);
  HttpServletResponse firewallResponse = this.firewall.getFirewalledResponse((HttpServletResponse) response);
  List<Filter> filters = getFilters(firewallRequest);
  if (filters == null || filters.size() == 0) {
    if (logger.isTraceEnabled()) {
      logger.trace(LogMessage.of(() -> "No security for " + requestLine(firewallRequest)));

## WebSecurityConfiguration.java
@Bean(name = AbstractSecurityWebApplicationInitializer.DEFAULT_FILTER_NAME)
public Filter springSecurityFilterChain() throws Exception {
  boolean hasConfigurers = this.webSecurityConfigurers != null && !this.webSecurityConfigurers.isEmpty();
  boolean hasFilterChain = !this.securityFilterChains.isEmpty();
  Assert.state(!(hasConfigurers && hasFilterChain),
      "Found WebSecurityConfigurerAdapter as well as SecurityFilterChain. Please select just one.");
  if (!hasConfigurers && !hasFilterChain) {
    WebSecurityConfigurerAdapter adapter = this.objectObjectPostProcessor
        .postProcess(new WebSecurityConfigurerAdapter() {
        });

## SecurityConfiguration.java
@Configuration
@EnableWebSecurity(debug = true)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter{

	@Override
	protected void configure(HttpSecurity http) throws Exception {
		http.sessionManagement().disable();
		http.cors().disable();
		http.csrf().disable();
		http.logout().disable();

## DelegatingFilterProxy.java
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain)
    throws ServletException, IOException {

  // Lazily initialize the delegate if necessary.
  Filter delegateToUse = this.delegate;
  if (delegateToUse == null) {
    synchronized (this.delegateMonitor) {
      delegateToUse = this.delegate;
      if (delegateToUse == null) {
	@Configuration
	@EnableWebSecurity(debug=true)
	public class MultipleSecurityCofig extends WebSecurityConfigurerAdapter {

	@Order(1)
	@Configuration
	public static class EmployeeConfig extends WebSecurityConfigurerAdapter{

	@Override
	protected void configure(HttpSecurity http) throws Exception {
	public class AuditLogFilter implements Filter {

	public static final Logger log = LoggerFactory.getLogger(AuditLogFilter.class);

	@Override
	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
	throws IOException, ServletException {
	log.info("Manager Login Detected at {} ",Instant.now());
	chain.doFilter(request, response);
	}
	@Configuration
	public class FilterConfiguration {

	@Bean
	public FilterRegistrationBean<DelegatingFilterProxy> getDelegatFilterRegistrationBean(){
	DelegatingFilterProxy delegateFilterProxy = new DelegatingFilterProxy(new LogFilter());
	FilterRegistrationBean<DelegatingFilterProxy> regBean = new FilterRegistrationBean<>(delegateFilterProxy);
	regBean.setOrder(-150);
	regBean.setName("LoggerDelegatingFilterProxy");
	return regBean;
	public class LogFilter implements Filter {

	public static final Logger log = LoggerFactory.getLogger(LogFilter.class);

	@Override
	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
	throws IOException, ServletException {

	HttpServletRequest req = (HttpServletRequest) request;
	MDC.put("LOGID", UUID.randomUUID().toString());
	protected void configure(HttpSecurity http) throws Exception {
	this.logger.debug("Using default configure(HttpSecurity). "
	+ "If subclassed this will potentially override subclass configure(HttpSecurity).");
	http.authorizeRequests((requests) -> requests.anyRequest().authenticated());
	http.formLogin();
	http.httpBasic();
	}
	// STEP 1 : Instatiation of the FilterChainProxy Bean
	@Bean(name = AbstractSecurityWebApplicationInitializer.DEFAULT_FILTER_NAME)
	public Filter springSecurityFilterChain() throws Exception {
	boolean hasConfigurers = this.webSecurityConfigurers != null && !this.webSecurityConfigurers.isEmpty();
	boolean hasFilterChain = !this.securityFilterChains.isEmpty();
	Assert.state(!(hasConfigurers && hasFilterChain),
	"Found WebSecurityConfigurerAdapter as well as SecurityFilterChain. Please select just one.");
	if (!hasConfigurers && !hasFilterChain) {
	WebSecurityConfigurerAdapter adapter = this.objectObjectPostProcessor
	.postProcess(new WebSecurityConfigurerAdapter() {
	// 1. FilterChainProxy -> doFilter Method

	private void doFilterInternal(ServletRequest request, ServletResponse response, FilterChain chain)
	throws IOException, ServletException {
	FirewalledRequest firewallRequest = this.firewall.getFirewalledRequest((HttpServletRequest) request);
	HttpServletResponse firewallResponse = this.firewall.getFirewalledResponse((HttpServletResponse) response);
	List<Filter> filters = getFilters(firewallRequest);
	if (filters == null \|\| filters.size() == 0) {
	if (logger.isTraceEnabled()) {
	logger.trace(LogMessage.of(() -> "No security for " + requestLine(firewallRequest)));
	@Configuration
	@EnableWebSecurity(debug = true)
	public class SecurityConfiguration extends WebSecurityConfigurerAdapter{

	@Override
	protected void configure(HttpSecurity http) throws Exception {
	http.sessionManagement().disable();
	http.cors().disable();
	http.csrf().disable();
	http.logout().disable();
	@Override
	public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain)
	throws ServletException, IOException {

	// Lazily initialize the delegate if necessary.
	Filter delegateToUse = this.delegate;
	if (delegateToUse == null) {
	synchronized (this.delegateMonitor) {
	delegateToUse = this.delegate;
	if (delegateToUse == null) {