Spring Security - Custom filter not working as Expected

Hi everyone,

I hope someone could help me.

Im developing a security module where I would like to apply authentication mechanisms to separate REST urls.

My issue is that my custom filter is applied to all URLs that I enter. I thought that if I changed the intercept URL pattern then the filter would not need to be applied? can anyone help me understand this?

Here’s my Config

<context:component-scan base-package="uk.co.mycompany.security" /> <context:component-scan base-package="uk.co.mycompany.security.crypto" /> <http create-session="stateless" use-expressions="true" entry-point-ref="restAuthenticationEntryPoint" authentication-manager-ref="authenticationManager"> <intercept-url pattern="/database/register/user**" access="ROLE_USER"/> <custom-filter ref="customRestFilter" position="BASIC_AUTH_FILTER" /> <form-login authentication-success-handler-ref="mySuccessHandler" /> <logout /> </http> <beans:bean id="customRestFilter" class="uk.co.mycompany.security.CustomRestSecurityFilter"> <beans:constructor-arg name="authenticationManager" ref="authenticationManager" /> <beans:constructor-arg name="encrypter" ref="aesCrypter" /> </beans:bean> <beans:bean id="mySuccessHandler" class="uk.co.mycompany.security.SavedRequestAwareAuthenticationSuccessHandler"/> <authentication-manager alias="authenticationManager"> <authentication-provider ref="restAuthenticationProvider" /> </authentication-manager> <beans:bean id="restAuthenticationProvider" class="uk.co.mycompany.security.RestAuthenticationProvider" /> <beans:bean id="aesCrypter" class="uk.co.mycompany.security.crypto.AesCrypter" /> </beans:beans>

So if I access /database/register/user - The customRestFilter is applied

but if I access /database/login - The customRestFilter is also applied - I thought this would not be the case???

Can anyone help me understand this please??