SEC-1620: Wrong description of attribute "filters" from <intercept-url> Element #1809

Closed
spring-issuemaster opened this Issue Nov 10, 2010 · 2 comments

1 participant

@spring-issuemaster

Johannes Scharf (Migrated from SEC-1620) said:

The reference doc of the "filters" attribute from the element says, that the value "none" excludes the matched request from Spring Security's filter chain entirely.

I think that's not true as the element only configures the FilterInvocationSecurityMetadataSource which is used by the FilterSecurityInterceptor and NOT by the FilterChainProxy.
Therefore setting the filters attribute to "none" does not exclude the request from the Spring Security filter chain entirely, right?

This issue may also affect the reference doc of Spring Security 2.0.

@spring-issuemaster

Luke Taylor said:

The docs are correct.

Note also that this syntax is no longer supported in 3.1.

@spring-issuemaster

Johannes Scharf said:

Sorry, there was a problem with our configuration which caused me to think that filters="none" would not exclude the request from the filter chain.

@spring-issuemaster spring-issuemaster added this to the 3.1.0.M2 milestone Feb 5, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment