override OncePerRequestFilter#getAlreadyFilteredAttributeName in AuthenticationFilter (#17173)

therepanic · therepanic · commit f6d7736662eb · 2025-05-30T17:00:44.000+03:00
Signed-off-by: Andrey Litvitski &lt;andrey1010102008@gmail.com&gt;
diff --git a/web/src/main/java/org/springframework/security/web/authentication/AuthenticationFilter.java b/web/src/main/java/org/springframework/security/web/authentication/AuthenticationFilter.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -64,6 +64,7 @@
  * </ul>
  *
  * @author Sergey Bespalov
+ * @author Andrey Litvitski
  * @since 5.2.0
  */
 public class AuthenticationFilter extends OncePerRequestFilter {
@@ -222,4 +223,9 @@ private Authentication attemptAuthentication(HttpServletRequest request, HttpSer
 		return authenticationResult;
 	}
 
+	@Override
+	protected String getAlreadyFilteredAttributeName() {
+		return getClass().getName() + "-" + System.identityHashCode(this) + ".FILTERED";
+	}
+
 }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/AuthenticationFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/AuthenticationFilterTests.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -17,6 +17,7 @@
 package org.springframework.security.web.authentication;
 
 import jakarta.servlet.FilterChain;
+import jakarta.servlet.Servlet;
 import jakarta.servlet.ServletException;
 import jakarta.servlet.ServletRequest;
 import jakarta.servlet.ServletResponse;
@@ -57,6 +58,7 @@
 
 /**
  * @author Sergey Bespalov
+ * @author Andrey Litvitski
  * @since 5.2.0
  */
 @ExtendWith(MockitoExtension.class)
@@ -318,4 +320,18 @@ public void filterWhenCustomSecurityContextRepositoryAndSuccessfulAuthentication
 		assertThat(securityContextArg.getValue().getAuthentication()).isEqualTo(authentication);
 	}
 
+	@Test
+	public void filterWhenInFilterChainThenBothAreExecuted() throws Exception {
+		MockHttpServletRequest request = new MockHttpServletRequest("GET", "/");
+		MockHttpServletResponse response = new MockHttpServletResponse();
+		AuthenticationFilter filter1 = new AuthenticationFilter(this.authenticationManager,
+				this.authenticationConverter);
+		AuthenticationConverter converter2 = mock(AuthenticationConverter.class);
+		AuthenticationFilter filter2 = new AuthenticationFilter(this.authenticationManager, converter2);
+		FilterChain chain = new MockFilterChain(mock(Servlet.class), filter1, filter2);
+		chain.doFilter(request, response);
+		verify(this.authenticationConverter).convert(any());
+		verify(converter2).convert(any());
+	}
+
 }

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`/*`
`2`		`- * Copyright 2002-2022 the original author or authors.`
	`2`	`+ * Copyright 2002-2025 the original author or authors.`
`3`	`3`	`*`
`4`	`4`	`* Licensed under the Apache License, Version 2.0 (the "License");`
`5`	`5`	`* you may not use this file except in compliance with the License.`
`@@ -64,6 +64,7 @@`
`64`	`64`	`* </ul>`
`65`	`65`	`*`
`66`	`66`	`* @author Sergey Bespalov`
	`67`	`+ * @author Andrey Litvitski`
`67`	`68`	`* @since 5.2.0`
`68`	`69`	`*/`
`69`	`70`	`public class AuthenticationFilter extends OncePerRequestFilter {`
`@@ -222,4 +223,9 @@ private Authentication attemptAuthentication(HttpServletRequest request, HttpSer`
`222`	`223`	`return authenticationResult;`
`223`	`224`	`}`
`224`	`225`
	`226`	`+ @Override`
	`227`	`+ protected String getAlreadyFilteredAttributeName() {`
	`228`	`+ return getClass().getName() + "-" + System.identityHashCode(this) + ".FILTERED";`
	`229`	`+ }`
	`230`	`+`
`225`	`231`	`}`