Use new SpringSecurityFilter so compatible with enhanced FilterChainProxy class.

core/src/main/java/org/springframework/security/providers/anonymous/AnonymousProcessingFilter.java

@@ -21,6 +21,8 @@ import org.springframework.security.context.SecurityContextHolder;
 
 import org.springframework.security.ui.AuthenticationDetailsSource;
 import org.springframework.security.ui.AuthenticationDetailsSourceImpl;
+import org.springframework.security.ui.FilterChainOrderUtils;
+import org.springframework.security.ui.SpringSecurityFilter;
 
 import org.springframework.security.userdetails.memory.UserAttribute;
 
@@ -33,13 +35,11 @@ import org.springframework.util.Assert;
 
 import java.io.IOException;
 
-import javax.servlet.Filter;
 import javax.servlet.FilterChain;
 import javax.servlet.FilterConfig;
 import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
 
 
 /**
@@ -50,7 +50,7 @@ import javax.servlet.http.HttpServletRequest;
  * @author Ben Alex
  * @version $Id$
  */
-public class AnonymousProcessingFilter implements Filter, InitializingBean {
+public class AnonymousProcessingFilter  extends SpringSecurityFilter  implements InitializingBean {
     //~ Static fields/initializers =====================================================================================
 
     private static final Log logger = LogFactory.getLog(AnonymousProcessingFilter.class);
@@ -80,14 +80,11 @@ public class AnonymousProcessingFilter implements Filter, InitializingBean {
      *         doesn't already have some other <code>Authentication</code> inside it), or <code>false</code> if no
      *         anonymous token should be setup for this request
      */
-    protected boolean applyAnonymousForThisRequest(ServletRequest request) {
+    protected boolean applyAnonymousForThisRequest(HttpServletRequest request) {
         return true;
     }
 
-    protected Authentication createAuthentication(ServletRequest request) {
-        Assert.isInstanceOf(HttpServletRequest.class, request,
-            "ServletRequest must be an instance of HttpServletRequest");
-
+    protected Authentication createAuthentication(HttpServletRequest request) {
         AnonymousAuthenticationToken auth = new AnonymousAuthenticationToken(key, userAttribute.getPassword(),
                 userAttribute.getAuthorities());
         auth.setDetails(authenticationDetailsSource.buildDetails((HttpServletRequest) request));
@@ -95,13 +92,7 @@ public class AnonymousProcessingFilter implements Filter, InitializingBean {
         return auth;
     }
 
-    /**
-     * Does nothing - we reply on IoC lifecycle services instead.
-     */
-    public void destroy() {}
-
-    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
-        throws IOException, ServletException {
+	protected void doFilterHttp(HttpServletRequest request,HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
         boolean addedToken = false;
 
         if (applyAnonymousForThisRequest(request)) {
@@ -129,7 +120,11 @@ public class AnonymousProcessingFilter implements Filter, InitializingBean {
                 SecurityContextHolder.getContext().setAuthentication(null);
             }
         }
-    }
+	}
+
+	public int getOrder() {
+        return FilterChainOrderUtils.ANON_PROCESSING_FILTER_ORDER;
+	}
 
     public String getKey() {
         return key;
@@ -139,15 +134,6 @@ public class AnonymousProcessingFilter implements Filter, InitializingBean {
         return userAttribute;
     }
 
-    /**
-     * Does nothing - we reply on IoC lifecycle services instead.
-     *
-     * @param ignored not used
-     *
-     * @throws ServletException DOCUMENT ME!
-     */
-    public void init(FilterConfig ignored) throws ServletException {}
-
     public boolean isRemoveAfterRequest() {
         return removeAfterRequest;
     }