-
Notifications
You must be signed in to change notification settings - Fork 5.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
FilterInvocation should support getDispatcherType() #15042
Comments
just ran into this myself! Using 5.8.12 with latest Spring Boot 2.7 |
Thanks for the report @chrylis, do you have a minimal, reproducible sample that we can try it out? I'd like to see how exactly the |
If you would like us to look at this issue, please provide the requested information. If the information is not provided within the next 7 days this issue will be closed. |
Closing due to lack of requested feedback. If you would like us to look at this issue, please provide the requested information and we will re-open the issue. |
Describe the bug
The core
HttpSecurity
builder supportsdispatcherTypeMatchers
, butFilterInvocation
throwsUnsupportedOperationException
if they are invoked.During an upgrade of an older Boot Servlet project, I ran into the problem where the Spring Boot
/error
mapping is no longer allowed by default, at least for 403 errors. I tried the suggested resolution of addingdispatcherTypeMatchers(ERROR).permitAll()
to mySecurityFilterChain
bean. This throws an exception in 5.7.11 (the default with the last Boot 2.7) and 5.8.12.The problem appears to be that
DefaultWebInvocationPrivilegeEvaluator
uses aDummyRequest
instead of the real request but does not implement core API methods; many/most other methods were supported as part of #8566.To Reproduce
dispatcherTypeMatchers(ERROR).permitAll()
in aSecurityFilterChain
.AnonymousAuthenticationToken
)Expected behavior
The matcher permits the error page to proceed.
Actual behavior
The text was updated successfully, but these errors were encountered: