Home/ Questions/Q 8334177
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-09T03:15:38+00:00

Is it possible to use a profile based filter in your web.xml ? For

  • 0

Is it possible to use a profile based filter in your web.xml ? For example 

    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
         <init-param>
            <param-name>spring.profiles.active</param-name>
            <param-value>secured</param-value>
        </init-param>
    </filter>

I know this is possible for servlets, but I cant seem to get it to work for filters.

Thanks

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Original Answer

    Filters use the ApplicationContext loaded from the ContextLoaderListener, so the <init-param> to the Filter is not used. Instead, you will want to use one of the ways of activating the profile for the ContextLoaderListener. One way is to use a as shown below:

    <context-param>
    <param-name>spring.profiles.active</param-name>
    <param-value>secured</param-value>
</context-param>

    Follow Up

    Following up based upon the comments. There is no way to omit the Filter using Spring profiles since the web.xml will always load the DelegatingFilterProxy which always tries to load its delegate. If the delegate is missing you will get an error. Instead, you can create a profile that disable Spring Security as shown below:

    <b:beans profile="default,secured">
  <http auto-config="true" use-expressions="true">
    <intercept-url pattern="/**" access="hasRole('ROLE_USER')" />
  </http>
  <authentication-manager>
    <authentication-provider>
      <user-service>
        <user name="user" password="password" authorities="ROLE_USER" />
      </user-service>
    </authentication-provider>
  </authentication-manager>
</b:beans>
<b:beans profile="insecure">
  <http security="none" />
</b:beans>

    You could then disable Spring Security by activating the insecure profile in your web.xml as shown below.

    <context-param>
    <param-name>spring.profiles.active</param-name>
    <param-value>insecure</param-value>
</context-param>

    If you are not using Spring Security you can disable the Filter by creating a Filter that does nothing but continue the FilterChain an placing that in the disabled profile. For example:

    public class DoFilterChainFilter implements Filter {
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        chain.doFilter(request, response);
    }
    public void destroy() { }
    public void init(FilterConfig filterConfig) throws ServletException { }
}
    • 0