szerhusenBC/jwt-spring-security-demo

Why is there a need to have UsernamePasswordAuthenticationFilter?

Closed this issue · 2 comments

Hello, I've set up your project with some modifications to run without Spring Boot and noticed that having addFilterBefore(authenticationTokenFilterBean(), UsernamePasswordAuthenticationFilter.class); causes the request flow to stop, specifically in these lines under UsernamePasswordAuthenticationFilter:

String username = obtainUsername(request);
String password = obtainPassword(request);

if (username == null) {
	username = "";
}

if (password == null) {
	password = "";
}

username = username.trim();

UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(
		username, password);

// Allow subclasses to set the "details" property
setDetails(request, authRequest);

return this.getAuthenticationManager().authenticate(authRequest);

Since obtainUsername does nothing but call request.getParameter(usernameParameter);, which returns an empty string, my question is: why is there a need to have this filter if the JW token has already been validated?

To give more context, I know you extended UsernamePasswordAuthenticationFilter in the past; that seems to me the best approach, because this way there is an extra step in the chain process.

Closed, because I published a completely new version.