𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗙𝗶𝗹𝘁𝗲𝗿 𝗖𝗵𝗮𝗶𝗻 𝗘𝘅𝗽𝗹𝗮𝗶𝗻𝗲𝗱

𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗙𝗶𝗹𝘁𝗲𝗿 𝗖𝗵𝗮𝗶𝗻 𝗘𝘅𝗽𝗹𝗮𝗶𝗻𝗲𝗱

Every request in Spring Security passes through a filter chain.

It is a set of filters. These filters process requests before they reach your controller.

Think of it as a security checkpoint.

The filter chain helps you:

• Identify users
• Verify credentials
• Check permissions
• Handle security errors

Here is how it works:

• A request enters your app.
• Multiple filters check the request one by one.
• They check for JWT tokens.
• They check for required roles.
• They check if access is allowed.

If a check fails, the request stops. The controller never sees it.

You configure this using a SecurityFilterChain bean.

You set rules for your endpoints.

• Admin paths require admin roles.
• Other paths require authentication.

Spring creates the filters for you.

The filter chain is the central part of Spring Security. It does not protect controllers. It protects the path to the controller.

The filter chain controls access to your application.

Source: https://dev.to/sonalishahi/security-filter-chain-explained-the-heart-of-spring-security-18hh