Validation with Spring Security

Issue #201 resolved
Former user created an issue

I'm using swagger request validator with spring security in my Spring Boot 2.1.3 application.

It seems that the OpenApiValidationInterceptor waits for a ResettableRequestServletWrapper but since the request goes through the security layer, it only has a SecurityContextHolderAwareRequestWrapper

How can I make it work?

Comments (5)

  1. Fabrice Gabolde

    The general issue here is that the OpenApiValidationFilter needs to run last; otherwise there is a risk that by the time the OpenApiValidationInterceptor gets a chance to run, the ResettableRequestServletWrapper has been wrapped in something else (need to rewrite parameters? need to stash the request body somewhere? can’t do it except by wrapping the servlet request), and validation gets disabled.

    But it also needs to run before any filter that could rewrite the parameter names, otherwise it is not validating the correct parameters. I need such a filter, for reasons beyond my control, and it is of course wrapping its input servlet request.

    What can I do?

  2. Sven Döring

    @Fabrice Gabolde I see a possibility to achieve that.

    Add the OpenApiValidationFilter with the right @Order annotation so the filters will be called in the correct order.

    Then create a new class WrappedOpenApiValidationInterceptor where you extend the default OpenApiValidationInterceptor.
    In the preHandle method - if you encounter one of your wrapped request classes - unwrap the wrapped ResettableRequestServletWrapper and call the original OpenApiValidationInterceptor preHandle method.

  3. James Navin

    I am resolving this issue due to inactivity. Please feel free to re-open if Sven’s suggestion does not fix the issue.

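A sketch of the subclass suggested in comment 2, added here as an example and not code from the thread or from the swagger-request-validator project. It assumes that `ResettableRequestServletWrapper` is visible to application code and that `OpenApiValidationInterceptor` has a constructor taking an `OpenApiInteractionValidator` in the library version in use; `WebUtils.getNativeRequest` is Spring's own helper for walking a chain of servlet request wrappers.

```java
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.web.util.WebUtils;

import com.atlassian.oai.validator.OpenApiInteractionValidator;
import com.atlassian.oai.validator.springmvc.OpenApiValidationInterceptor;
import com.atlassian.oai.validator.springmvc.ResettableRequestServletWrapper;

/**
 * Unwraps requests that later filters (for example Spring Security's
 * SecurityContextHolderAwareRequestWrapper) have wrapped around the
 * ResettableRequestServletWrapper created by OpenApiValidationFilter.
 */
public class WrappedOpenApiValidationInterceptor extends OpenApiValidationInterceptor {

    // Assumption: this constructor exists in the library version in use.
    public WrappedOpenApiValidationInterceptor(OpenApiInteractionValidator validator) {
        super(validator);
    }

    @Override
    public boolean preHandle(HttpServletRequest request,
                             HttpServletResponse response,
                             Object handler) throws Exception {
        // Walks ServletRequestWrapper.getRequest() links until it finds an
        // instance of the requested type; returns null if there is none.
        ResettableRequestServletWrapper resettable =
                WebUtils.getNativeRequest(request, ResettableRequestServletWrapper.class);

        // If the wrapper is missing, OpenApiValidationFilter did not run for
        // this request; hand the original request to the parent unchanged so
        // the library's own handling of that case is preserved.
        HttpServletRequest target = (resettable != null) ? resettable : request;
        return super.preHandle(target, response, handler);
    }
}
```

The parent then validates the request as the filter captured it, so parameters are checked as they were before any outer wrapper rewrote them.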