Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Leave Filter Chain Observations Off By Default #15858

Open
jzheaux opened this issue Sep 26, 2024 · 0 comments
Open

Leave Filter Chain Observations Off By Default #15858

jzheaux opened this issue Sep 26, 2024 · 0 comments
Assignees
@jzheaux
Labels
in: config An issue in spring-security-config type: breaks-passivity A change that breaks passivity with the previous release type: enhancement A general enhancement
Milestone
7.0.x

Comments

@jzheaux
Copy link
Contributor

jzheaux commented Sep 26, 2024

The current default in Spring Security is that all its observations--filter chain, authentication, and authorization--are made.

In #15678, SecurityObservationSettings was added so that applications could easily change these settings. Its default is that filter chain observations are off. That is, one can opt-in to the new set of defaults by publishing this bean.

This should become the default setting even if there isn't a SecurityObservationSettings bean present.
@jzheaux jzheaux added in: config An issue in spring-security-config type: enhancement A general enhancement type: breaks-passivity A change that breaks passivity with the previous release labels Sep 26, 2024
@jzheaux jzheaux added this to the 7.0.x milestone Sep 26, 2024
@jzheaux jzheaux self-assigned this Sep 26, 2024
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees

@jzheaux jzheaux

Labels
in: config An issue in spring-security-config type: breaks-passivity A change that breaks passivity with the previous release type: enhancement A general enhancement
Projects
None yet
Milestone
7.0.x
Development

No branches or pull requests
1 participant
@jzheaux