Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Deprecate shouldFilterAllDispatcherTypes #12138

Closed
marcusdacoregio opened this issue Nov 3, 2022 · 0 comments
Closed

Deprecate shouldFilterAllDispatcherTypes #12138

marcusdacoregio opened this issue Nov 3, 2022 · 0 comments
Assignees
Labels
in: config An issue in spring-security-config type: enhancement A general enhancement
Milestone

Comments

@marcusdacoregio
Copy link
Contributor

The shouldFilterAllDispatcherTypes property was added to configure the AuthorizationFilter to apply to every dispatcher type.

In Spring Security 5, the default value is false and in Spring Security 6 it is true.
It is not recommended to set this property to false just to not apply to all the dispatcher types, instead, the dispatcher types should be permitted using the security DSL.

Instead of:

@Bean
SecurityFilterChain filterChain(HttpSecurity http) {
    http
        .authorizeHttpRequests((authz) -> authz
           .shouldFilterAllDispatcherTypes(false)
        );
}

do:

@Bean
SecurityFilterChain filterChain(HttpSecurity http) {
    http
        .authorizeHttpRequests((authz) -> authz
           .dispatcherTypeMatchers(DispatcherType.ERROR, DispatcherType.ASYNC).permitAll()
        );
}
@marcusdacoregio marcusdacoregio added in: config An issue in spring-security-config type: enhancement A general enhancement labels Nov 3, 2022
@marcusdacoregio marcusdacoregio added this to the 6.1.0-M1 milestone Nov 3, 2022
@marcusdacoregio marcusdacoregio self-assigned this Nov 3, 2022
@marcusdacoregio marcusdacoregio modified the milestones: 6.1.0-M1, 6.1.0-M2 Jan 16, 2023
@jzheaux jzheaux removed this from the 6.1.0-M2 milestone Mar 20, 2023
@marcusdacoregio marcusdacoregio added this to the 6.1.0-RC1 milestone Apr 13, 2023
# for free to join this conversation on GitHub. Already have an account? # to comment
Labels
in: config An issue in spring-security-config type: enhancement A general enhancement
Projects
None yet
Development

No branches or pull requests

2 participants