Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

SEC-1175: Default anonymous principal username differs in docs and in code. #1424

spring-issuemaster opened this Issue Jun 3, 2009 · 1 comment


None yet
1 participant

Max Ishchenko (Migrated from SEC-1175) said:

spring-security-2.0.4.xsd states the following (line 1141):
The username that should be assigned to the anonymous request. This allows the principal to be identified, which may be important for logging and auditing. if unset, defaults to "anonymousUser".
Whereas the real default username is "roleAnonymous" (see org.springframework.security.config.AnonymousBeanDefinitionParser:26)

Luke Taylor said:

I've updated the parser class to use the name "anonymousUser" which I think makes more sense than the existing name (which was probably a typo). It shoudn't make much difference to most users as the information in the anonymous token is rarely required.

@spring-issuemaster spring-issuemaster added this to the 3.0.0 M2 milestone Feb 5, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment