Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove ErrorPageSecurityFilter now that security filters all dispatchers by default and not only once per request #31703

Closed
wilkinsona opened this issue Jul 13, 2022 · 0 comments
Closed

Remove ErrorPageSecurityFilter now that security filters all dispatchers by default and not only once per request #31703

wilkinsona opened this issue Jul 13, 2022 · 0 comments
Assignees
@mbhave
Labels
type: task A general task
Milestone
3.0.0-RC1

Comments

@wilkinsona
Copy link
Member

No description provided.

@wilkinsona wilkinsona added the type: task A general task label Jul 13, 2022
@wilkinsona wilkinsona added this to the 3.0.x milestone Jul 13, 2022
wilkinsona added a commit that referenced this issue Jul 13, 2022
@wilkinsona
Adapt to change in Security's filtering behavior
4bd3534 
Spring Security now filters every dispatch by default and not only
once-per-request. Security configuration has been updated in a number of
places to restore the old behavior as needed for the tests to pass.
gh-31703 has been opened to review this and to investigate if we can
now remove the error page security filter and rely on the filtering of
every dispatch instead.

In addition to switching to once-per-request filtering where needed,
this commit also restructures the configuration of the error page
security filter. The restructuring was necessary to ensure that the
privilege evaluator bean has been defined before the conditions on the
error page security filter are evaluated. Without the change, the filter
was no longer being configured as the privilege evaluator hadn't been
defined before the on bean condition was evaluated. We may want to back
port this change as the ordering doesn't appear to have been defined
before and we were just getting lucky.

See gh-31622
See spring-projects/spring-security#11466
@mbhave mbhave self-assigned this Jul 13, 2022
@vpavic vpavic mentioned this issue Jul 15, 2022
Closed
@wilkinsona wilkinsona mentioned this issue Jul 25, 2022
Closed
@marcusdacoregio marcusdacoregio mentioned this issue Jul 26, 2022
Closed
@philwebb philwebb added for: team-attention An issue we'd like other members of the team to review and removed for: team-attention An issue we'd like other members of the team to review labels Oct 5, 2022
@mbhave mbhave changed the title Investigate removing ErrorPageSecurityFilter now that security filters all dispatchers by default and not only once per request Remove ErrorPageSecurityFilter now that security filters all dispatchers by default and not only once per request Oct 19, 2022
@mbhave mbhave modified the milestones: 3.0.x, 3.0.0-RC1 Oct 19, 2022
@mbhave mbhave closed this as completed in cedd553 Oct 19, 2022
@marcusdacoregio marcusdacoregio mentioned this issue Oct 24, 2022
Closed
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mbhave mbhave

Labels
type: task A general task
Projects
None yet
Milestone
3.0.0-RC1
Development

No branches or pull requests
3 participants
@philwebb @wilkinsona @mbhave