I am currently checking all the incoming Authorization headers for JWT token values so that I can check if those tokens are blacklisted. I have implemented a custom Filter for this.
The problem is that this filter is handling all the requests that are coming into the server. I'd like to handle only the requests that are coming to the /oauth/token endpoint.
Is it possible to implement that in Spring OAuth2 Auth Server?
There are two aspects to your question, one is Filter order and two is only filtering a specific URL path. Both can be tackled by using a FilterRegistrationBean to inject your filter. See example below.
@Bean
public FilterRegistrationBean securityFilter() {
Filter f = new MySecurityFilter();
FilterRegistrationBean frb = new FilterRegistrationBean(f);
frb.setOrder(SecurityProperties.ACCESS_OVERRIDE_ORDER);
frb.setUrlPatterns(Arrays.asList("/oauth/token"));
return frb;
}
It's a question of priority of your filter. Add :
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
To your WebSecurityConfiguration should help you.
In the case your custom filter extends the OncePerRequestFilter you can override the shouldNotFilter method.
@Override
protected boolean shouldNotFilter(HttpServletRequest request) throws ServletException {
return !new AntPathMatcher().match("/oauth/token", request.getServletPath());
}
From the Doc
Can be overridden in subclasses for custom filtering control, returning true to avoid filtering of the given request.
Filter interface.
oauth/token endpoint.