Javadoc for AuthorizationFilter#filterErrorDispatch is wrong #13456

Closed
HackSung opened this issue Jul 6, 2023 · 2 comments


HackSung commented Jul 6, 2023

In Spring Security 6.1.1,
the javadoc for the setFilterErrorDispatch method of the AuthorizationFilter class states that the default value of the filterErrorDispatch property is false.
However, in the AuthorizationFilter code, it is implemented as follows:
private boolean filterErrorDispatch = true;

Shouldn't it modify the default value to false?
The same goes for filterAsyncDispatch.

HackSung added the "status: waiting-for-triage" and "type: bug" labels Jul 6, 2023
marcusdacoregio changed the title from "filterErrorDispatch property default value of AuthorizationFilter Class" to "Documented default value for AuthorizationFilter#filterErrorDispatch is wrong" Jul 7, 2023
marcusdacoregio self-assigned this Jul 7, 2023
marcusdacoregio added the "in: docs" label and removed the "status: waiting-for-triage" label Jul 7, 2023
marcusdacoregio changed the title from "Documented default value for AuthorizationFilter#filterErrorDispatch is wrong" to "Javadoc for AuthorizationFilter#filterErrorDispatch is wrong" Jul 7, 2023
marcusdacoregio added this to the 6.0.5 milestone Jul 7, 2023


HackSung commented Jul 9, 2023

@marcusdacoregio
First, thank you for your quick action.
Actually, I was expecting the filterErrorDispatch property to be changed to false in the code,
not the default to be changed to true in the javadoc of filterErrorDispatch.
The reason is that in Spring Boot, the default dispatcher type for filters is only DispatcherType.REQUEST, and DispatcherType.ERROR is missing.
Similarly, wouldn't it be more common for AuthorizationFilter to omit cases where the dispatcher type is ERROR?

marcusdacoregio (Contributor) commented

Hi @HackSung, since 6.0 Spring Security applies authorization to every dispatcher type, and Spring Boot is also aligned with that. If you want to allow access to a dispatcher type you must do it explicitly.
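
Added example (not part of the issue thread and not the Spring Security project's own code): one way to allow a dispatcher type explicitly in Spring Security 6 while every other dispatch stays subject to authorization. The class name and the `/public/**` path are assumptions made for illustration.

```java
import jakarta.servlet.DispatcherType;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;

// Hypothetical configuration class; the name is an assumption.
@Configuration
@EnableWebSecurity
public class DispatcherTypeSecurityConfig {

    @Bean
    SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(authorize -> authorize
                // Rules are evaluated in declaration order and the first match wins,
                // so the dispatcher-type rule is declared before the path rules.
                // ERROR dispatches are permitted explicitly so that the container's
                // error page can render for unauthenticated callers. Without this
                // rule an ERROR dispatch falls through to anyRequest().authenticated().
                .dispatcherTypeMatchers(DispatcherType.ERROR).permitAll()
                // Assumed public path, for illustration only.
                .requestMatchers("/public/**").permitAll()
                // REQUEST, FORWARD, INCLUDE and ASYNC dispatches that match no
                // earlier rule still require an authenticated user.
                .anyRequest().authenticated()
            )
            .httpBasic(Customizer.withDefaults());
        return http.build();
    }
}
```

Because the ERROR rule is `permitAll()`, whatever the error page renders is visible to unauthenticated callers, so keep stack traces and request details out of it.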
