@scorchio
Last active July 22, 2016 11:24
IEFixerFilter: workaround to get Waffle + Spring Security working in Internet Explorer
// package
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.GenericFilterBean;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Enumeration;
import java.util.List;
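/**
 * Servlet filter that hides the {@code Authorization} request header from everything
 * further down the filter chain when the request also carries at least one cookie.
 *
 * <p>It is the Internet Explorer workaround for Waffle + Spring Security that this gist
 * is about. The filter never authenticates or authorizes anything; it only wraps the
 * request so that later filters and handlers cannot read the header.
 *
 * <p>Points a maintainer should keep in mind:
 * <ul>
 *   <li>Ordering is what makes this safe to use. {@code SecurityConfig} adds it
 *       <em>after</em> Waffle's {@code NegotiateSecurityFilter}, so Waffle still sees
 *       the original header. Placed before it, requests with cookies would never
 *       present credentials to Waffle.</li>
 *   <li>"Has cookies" is only a heuristic. The filter does not check that any cookie is
 *       a valid session cookie, so it must not be read as "already authenticated".</li>
 *   <li>NOTE(review): the class is a {@code @Component} and is also exposed through a
 *       {@code @Bean} method in {@code SecurityConfig}. If the application registers
 *       {@code Filter} beans with the servlet container automatically (Spring Boot does),
 *       the filter may additionally run outside the Spring Security chain - confirm.</li>
 * </ul>
 */
@Component
public final class IEFixerFilter extends GenericFilterBean {

    /** Header hidden from downstream code; HTTP header names are case-insensitive. */
    private static final String AUTHORIZATION = "Authorization";

    private static final Logger LOG = LoggerFactory.getLogger(IEFixerFilter.class);

    /**
     * Request view in which the {@code Authorization} header does not exist.
     *
     * <p>All three header accessors are overridden so the header cannot be reached through
     * {@code getHeaders(String)} or under a differently-cased name, which the original
     * {@code getHeader}/{@code getHeaderNames} pair allowed.
     */
    private static final class IEFixerRequestWrapper extends HttpServletRequestWrapper {

        private IEFixerRequestWrapper(HttpServletRequest request) {
            super(request);
        }

        /** Locale-independent, null-safe match on the header name. */
        private static boolean isAuthorization(String name) {
            // equalsIgnoreCase avoids String.toLowerCase(), whose result depends on the
            // default locale (e.g. the Turkish dotless i) and could let the header through.
            return AUTHORIZATION.equalsIgnoreCase(name);
        }

        @Override
        public String getHeader(String name) {
            if (isAuthorization(name)) {
                return null;
            }
            return super.getHeader(name);
        }

        @Override
        public Enumeration<String> getHeaders(String name) {
            if (isAuthorization(name)) {
                return Collections.emptyEnumeration();
            }
            return super.getHeaders(name);
        }

        @Override
        public Enumeration<String> getHeaderNames() {
            Enumeration<String> names = super.getHeaderNames();
            if (names == null) {
                // The Servlet API lets a container return null here; do not dereference it.
                return Collections.emptyEnumeration();
            }
            List<String> visible = new ArrayList<>();
            while (names.hasMoreElements()) {
                String headerName = names.nextElement();
                if (!isAuthorization(headerName)) {
                    visible.add(headerName);
                }
            }
            return Collections.enumeration(visible);
        }
    }

    /**
     * Passes the request on, wrapped so that {@code Authorization} is hidden when the
     * request is an HTTP request that has both cookies and that header.
     *
     * @param request  incoming request; non-HTTP requests are passed through untouched
     * @param response response handed to the rest of the chain unchanged
     * @param chain    remaining filter chain
     * @throws IOException      propagated from the rest of the chain
     * @throws ServletException propagated from the rest of the chain
     */
    @Override
    public void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain chain)
            throws IOException, ServletException {
        if (!(request instanceof HttpServletRequest)) {
            chain.doFilter(request, response);
            return;
        }

        final HttpServletRequest req = (HttpServletRequest) request;
        // HttpServletRequest.getHeader is case-insensitive, so one lookup covers every spelling.
        final boolean stripHeader = req.getCookies() != null && req.getHeader(AUTHORIZATION) != null;

        if (stripHeader) {
            // Log the fact only, never the header value: it carries credentials or tokens.
            LOG.debug("Hiding Authorization header from downstream filters for {}", req.getRequestURI());
            chain.doFilter(new IEFixerRequestWrapper(req), response);
        } else {
            chain.doFilter(req, response);
        }
    }
}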
// package
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import waffle.servlet.spi.BasicSecurityFilterProvider;
import waffle.servlet.spi.NegotiateSecurityFilterProvider;
import waffle.servlet.spi.SecurityFilterProvider;
import waffle.servlet.spi.SecurityFilterProviderCollection;
import waffle.spring.NegotiateSecurityFilter;
import waffle.spring.NegotiateSecurityFilterEntryPoint;
import waffle.windows.auth.impl.WindowsAuthProviderImpl;
/**
 * Spring Security configuration that requires authentication on every path and wires
 * Waffle's {@code NegotiateSecurityFilter} (Negotiate and Basic providers backed by
 * {@code WindowsAuthProviderImpl}) into the filter chain, followed by {@code IEFixerFilter}.
 */
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    // Not used anywhere in this class as shown.
    private final Logger log = LoggerFactory.getLogger(this.getClass());

    /** Waffle's Windows authentication provider, shared by both filter providers below. */
    @Bean
    public WindowsAuthProviderImpl windowsAuthProvider() {
        return new WindowsAuthProviderImpl();
    }

    /** Provider for the Negotiate scheme, backed by {@code authProvider}. */
    @Bean
    @Autowired
    public NegotiateSecurityFilterProvider negotiateSecurityFilterProvider(WindowsAuthProviderImpl authProvider) {
        return new NegotiateSecurityFilterProvider(authProvider);
    }

    /**
     * Provider for HTTP Basic, backed by {@code authProvider}.
     *
     * <p>NOTE(review): Basic carries the password merely base64-encoded, and nothing in this
     * class requires HTTPS (for example via {@code requiresChannel()}). Confirm TLS is
     * enforced elsewhere, or drop this provider if only Negotiate is needed.
     */
    @Bean
    @Autowired
    public BasicSecurityFilterProvider basicSecurityFilterProvider(WindowsAuthProviderImpl authProvider) {
        return new BasicSecurityFilterProvider(authProvider);
    }

    /** Collects the Negotiate and Basic providers, in that order, for the filter and the entry point. */
    @Bean
    @Autowired
    public SecurityFilterProviderCollection filterProviderCollection(
            NegotiateSecurityFilterProvider negotiateSecurityFilterProvider,
            BasicSecurityFilterProvider basicSecurityFilterProvider) {
        return new SecurityFilterProviderCollection(new SecurityFilterProvider[]{
                negotiateSecurityFilterProvider, basicSecurityFilterProvider
        });
    }

    // Assigned as a side effect of negotiateSecurityFilter(...) and read by configure(HttpSecurity).
    // NOTE(review): nothing visible here forces that bean method to run before
    // configure(HttpSecurity); if it has not run, null is passed to addFilterBefore - confirm
    // the initialisation order or inject the bean instead.
    private NegotiateSecurityFilter negotiateFilter;

    /**
     * Builds the Waffle filter over {@code filterProviderCollection} and stores it in
     * {@link #negotiateFilter}.
     */
    @Bean
    @Autowired
    public NegotiateSecurityFilter negotiateSecurityFilter(SecurityFilterProviderCollection filterProviderCollection) {
        negotiateFilter = new NegotiateSecurityFilter();
        negotiateFilter.setProvider(filterProviderCollection);
        // NOTE(review): with impersonation enabled Waffle is documented to run the rest of the
        // request under the authenticated Windows identity. File and network access made while
        // handling the request then uses the caller's rights, not the service account's;
        // confirm the application actually needs this.
        negotiateFilter.setImpersonate(true);
        // Guest logons are rejected.
        negotiateFilter.setAllowGuestLogin(false);
        // Presumably "fqn" = fully qualified account names and "both" = name and SID for
        // roles, per Waffle's format options - verify against the Waffle version in use.
        negotiateFilter.setPrincipalFormat("fqn");
        negotiateFilter.setRoleFormat("both");
        return negotiateFilter;
    }

    // Field-injected by Spring and also reassigned inside filterEntryPoint(...).
    // NOTE(review): presumably both paths yield the same bean instance - confirm.
    @Autowired
    private NegotiateSecurityFilterEntryPoint entryPoint;

    /** Entry point used when an unauthenticated request is rejected; shares the provider collection. */
    @Bean
    @Autowired
    public NegotiateSecurityFilterEntryPoint filterEntryPoint(SecurityFilterProviderCollection filterProviderCollection) {
        entryPoint = new NegotiateSecurityFilterEntryPoint();
        entryPoint.setProvider(filterProviderCollection);
        return entryPoint;
    }

    /** The header-hiding workaround filter, placed in the chain by {@link #configure(HttpSecurity)}. */
    @Bean
    public IEFixerFilter ieFilter() {
        return new IEFixerFilter();
    }

    /**
     * Requires an authenticated user on every path and installs the Waffle filter, then
     * {@code IEFixerFilter} directly after it.
     *
     * <p>The order matters: {@code IEFixerFilter} hides the {@code Authorization} header, so it
     * has to come after the Waffle filter, which needs to read that header.
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // ALWAYS creates an HTTP session whenever one does not exist. IEFixerFilter only acts on
        // requests that carry cookies - presumably the session cookie is what it relies on; confirm.
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.ALWAYS)
                .and()
                // Turns off Spring Security's own HTTP Basic support only; Waffle's
                // BasicSecurityFilterProvider stays in the provider collection above.
                .httpBasic().disable()
                .authorizeRequests()
                .antMatchers("/**").authenticated()
                .and()
                // BasicAuthenticationFilter.class is used here as a position marker in the chain.
                .addFilterBefore(negotiateFilter, BasicAuthenticationFilter.class)
                .addFilterAfter(ieFilter(), waffle.spring.NegotiateSecurityFilter.class)
                .exceptionHandling().authenticationEntryPoint(entryPoint);
    }

    /**
     * Excludes {@code /static/**} from Spring Security.
     *
     * <p>Ignored paths skip the security filter chain altogether, so no authentication and no
     * security response headers apply there; only content that is safe to serve publicly
     * should live under this path.
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
        web
                .ignoring()
                .antMatchers("/static/**");
    }
}
@scorchio
This is sample code for a discussion on the Waffle mailing list.
