some improvements

predicate@bonzo · predicate@bonzo · commit f63a3e98ebb1 · 2022-01-07T16:10:59.000+01:00
* access AbstractAuthenticationProcessingFilter class directly instead
of calling getSuperclass()
* catch ClassCastException for matchers that are not
instances of AntPathRequestMatcher
* ignore authentication filters that produce errors (such as wrong login
endpoints) instead of assuming /login path
diff --git a/springdoc-openapi-security/src/main/java/org/springdoc/security/SpringDocSecurityConfiguration.java b/springdoc-openapi-security/src/main/java/org/springdoc/security/SpringDocSecurityConfiguration.java
@@ -49,6 +49,7 @@
 import org.springframework.security.oauth2.provider.endpoint.FrameworkEndpointHandlerMapping;
 import org.springframework.security.web.FilterChainProxy;
 import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
@@ -133,16 +134,15 @@ OpenApiCustomiser springSecurityLoginEndpointCustomiser(ApplicationContext appli
 						operation.responses(apiResponses);
 						operation.addTagsItem("login-endpoint");
 						PathItem pathItem = new PathItem().post(operation);
-						String loginPath = "/login";
 						try {
-							Field requestMatcherField = usernamePasswordAuthenticationFilter.getClass().getSuperclass().getDeclaredField("requiresAuthenticationRequestMatcher");
+							Field requestMatcherField = AbstractAuthenticationProcessingFilter.class.getDeclaredField("requiresAuthenticationRequestMatcher");
 							requestMatcherField.setAccessible(true);
 							AntPathRequestMatcher requestMatcher = (AntPathRequestMatcher) requestMatcherField.get(usernamePasswordAuthenticationFilter);
-							loginPath = requestMatcher.getPattern();
+							String loginPath = requestMatcher.getPattern();
 							requestMatcherField.setAccessible(false);
-						} catch (NoSuchFieldException | IllegalAccessException ignored) {
+							openAPI.getPaths().addPathItem(loginPath, pathItem);
+						} catch (NoSuchFieldException | IllegalAccessException | ClassCastException ignored) {
 						}
-						openAPI.getPaths().addPathItem(loginPath, pathItem);
 					}
 				}
 			};
