Skip to content

Default security filter dispatcher types are not aligned with Spring Security's defaults #33090

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
marcusdacoregio opened this issue Nov 9, 2022 · 0 comments
Closed

Default security filter dispatcher types are not aligned with Spring Security's defaults #33090

marcusdacoregio opened this issue Nov 9, 2022 · 0 comments
Assignees
@mbhave
Labels
type: bug A general bug
Milestone
3.0.0-RC2

Comments

@marcusdacoregio
Copy link

marcusdacoregio commented Nov 9, 2022
edited
Loading

spring-projects/spring-security#11027 has changed the Spring Security default by applying authorization to every request.

Currently, to apply the FilterChainProxy to all dispatcher types using Spring Boot, one can do:
spring.security.filter.dispatcher-types=request,async,error,forward,include, where the default are just request,async,error.

Spring Boot should register the FilterChainProxy to all dispatcher types by default to better align with Spring Security defaults.
@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Nov 9, 2022
@wilkinsona wilkinsona changed the title Register FilterChainProxy for all dispatcher types Default security filter dispatcher types are not aligned with Spring Security's defaults Nov 9, 2022
@wilkinsona wilkinsona added type: bug A general bug and removed status: waiting-for-triage An issue we've not yet triaged labels Nov 9, 2022
@wilkinsona wilkinsona added this to the 3.0.0-RC2 milestone Nov 9, 2022
@mbhave mbhave self-assigned this Nov 9, 2022
mbhave added a commit to mbhave/spring-boot that referenced this issue Nov 10, 2022
@mbhave
Align default security filter dispatcher types with Spring Security
8218785 
Fixes spring-projectsgh-33090
@mbhave mbhave closed this as completed in f4cf722 Nov 10, 2022
vpavic added a commit to vpavic/spring-boot that referenced this issue Nov 18, 2022
@vpavic
Polish SecurityProperties
ec23243 
See spring-projectsgh-33090
vpavic added a commit to vpavic/spring-boot that referenced this issue Nov 18, 2022
@vpavic
Fix Spring Security filter dispatcher types related docs
d2b3320 
See spring-projectsgh-33090
This was referenced Nov 18, 2022
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mbhave mbhave

Labels
type: bug A general bug
Projects
None yet
Milestone
3.0.0-RC2
Development

No branches or pull requests
4 participants
@wilkinsona @mbhave @marcusdacoregio @spring-projects-issues