You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In the Spring Security 6.1.1,
The javadoc for the setFilterErrorDispatch method of the AuthorizationFilter class states that the default value of the filterErrorDispatch property is false.
However, in the AuthorizationFilter code, it is implemented as follows private boolean filterErrorDispatch = true;
Shouldn't it modify the default value to false?
The same goes for filterAsyncDispatch.
The text was updated successfully, but these errors were encountered:
marcusdacoregio
changed the title
filterErrorDispatch property default value of AuthorizationFilter Class
Documented default value for AuthorizationFilter#filterErrorDispatch is wrong
Jul 7, 2023
marcusdacoregio
changed the title
Documented default value for AuthorizationFilter#filterErrorDispatch is wrong
Javadoc for AuthorizationFilter#filterErrorDispatch is wrong
Jul 7, 2023
@marcusdacoregio
First, Thank you for your quick action.
Actually, I was expecting to modify the filterErrorDispatch property to false in the code,
not to modify the default to true in the javadoc of filterErrorDispatch.
The reason is that in the Spring Boot, the default dispatcher type for filter is only DispatcherType.REQUST and DispatcherType.ERROR is missing.
Similarly, wouldn't it be more common for AuthorizationFilter to omit cases where the dispatcher type is ERROR?
Hi @HackSung, since 6.0 Spring Security applies authorization to every dispatcher type, and Spring Boot is also aligned with that. If you want to allow access to a dispatcher type you must do it explicitly
In the Spring Security 6.1.1,
The javadoc for the setFilterErrorDispatch method of the AuthorizationFilter class states that the default value of the filterErrorDispatch property is false.
However, in the AuthorizationFilter code, it is implemented as follows
private boolean filterErrorDispatch = true;
Shouldn't it modify the default value to false?
The same goes for filterAsyncDispatch.
The text was updated successfully, but these errors were encountered: