The packages @Hans_Engelen mentions, as indicated by the name, only handles the authorization part - not authentication. That you should implement somehow yourself.
Without a strategy for authentication you will find that IsAuthentication in your DashboardAuthorizationFilter will always be false since, well, you haven’t done any authentication, that is, establishing then identity of the caller somehow, either via ie. a cookie or header-token.
Only when you have established the identity of the caller are you able to do a proper authorization based on who they are, and that’s what you do in the DashboardAuthorizationFilter.