From dbb2e00ed86b54cf6be3ff3b82911d95abf89275 Mon Sep 17 00:00:00 2001 From: Michael Hirsch Date: Mon, 20 Jun 2016 10:16:15 +0200 Subject: [PATCH] re-order tenant lazy initialization filter after authentication chain Signed-off-by: Michael Hirsch --- .../autoconfigure/security/SecurityManagedConfiguration.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/hawkbit-autoconfigure/src/main/java/org/eclipse/hawkbit/autoconfigure/security/SecurityManagedConfiguration.java b/hawkbit-autoconfigure/src/main/java/org/eclipse/hawkbit/autoconfigure/security/SecurityManagedConfiguration.java index fc7a0a1e4..0b68246ff 100644 --- a/hawkbit-autoconfigure/src/main/java/org/eclipse/hawkbit/autoconfigure/security/SecurityManagedConfiguration.java +++ b/hawkbit-autoconfigure/src/main/java/org/eclipse/hawkbit/autoconfigure/security/SecurityManagedConfiguration.java @@ -83,6 +83,7 @@ import org.springframework.security.web.header.writers.frameoptions.StaticAllowF import org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter; import org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter.XFrameOptionsMode; import org.springframework.security.web.session.HttpSessionEventPublisher; +import org.springframework.security.web.session.SessionManagementFilter; import org.vaadin.spring.security.VaadinSecurityContext; import org.vaadin.spring.security.annotation.EnableVaadinSecurity; import org.vaadin.spring.security.web.VaadinDefaultRedirectStrategy; @@ -333,7 +334,7 @@ public class SecurityManagedConfiguration { }, RequestHeaderAuthenticationFilter.class) .addFilterAfter( new AuthenticationSuccessTenantMetadataCreationFilter(tenantAware, systemManagement), - RequestHeaderAuthenticationFilter.class) + SessionManagementFilter.class) .authorizeRequests().anyRequest().authenticated() .antMatchers(MgmtRestConstants.BASE_SYSTEM_MAPPING + "/admin/**") .hasAnyAuthority(SpPermission.SYSTEM_ADMIN)