Skip to content

.addFilterAfter(filter, SecurityContextHolderFilter.class) does not work properly #45985

@ReXtrem

Description

@ReXtrem

As SecurityContextPersistenceFilter is deprecated and replaced by SecurityContextHolderFilter I would expect the Filter structure is setup equally to it.

Unfortunate I cam across this weird issue when you try to add a custom authentication for a stateless application context:

SecurityContextHolder.getContext().setAuthentication(authentication);

always get's reset because of the SecurityContextPersistenceFilter kicking in before:

Even if I define my "filter" to run after SecurityContextHolderFilter

.addFilterAfter(myFilter, SecurityContextHolderFilter.class)

The chain is setup like this:

Will secure any request with filters: DisableEncodeUrlFilter, WebAsyncManagerIntegrationFilter, MyFilter, SecurityContextPersistenceFilter, ...

If I use the deprecated:

.addFilterAfter(authenticationFilter, SecurityContextPersistenceFilter.class)

The filter chain is correct:

Will secure any request with filters: DisableEncodeUrlFilter, WebAsyncManagerIntegrationFilter, SecurityContextPersistenceFilter, MyFilter, ...

Spring-Boot version: 3.4.4

Activity

snicoll

snicoll commented on Jun 17, 2025

@snicoll
Member

Please review the guidelines for contributing and open an issue in the appropriate project, if necessary.

added
status: invalidAn issue that we don't feel is valid
and removed on Jun 17, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Metadata

Assignees

No one assigned

    Labels

    status: invalidAn issue that we don't feel is valid

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

      Development

      No branches or pull requests

        Participants

        @snicoll@spring-projects-issues@ReXtrem

        Issue actions

          .addFilterAfter(filter, SecurityContextHolderFilter.class) does not work properly · Issue #45985 · spring-projects/spring-boot