Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

SEC-1620: Wrong description of attribute "filters" from <intercept-url> Element #1809

spring-issuemaster opened this Issue Nov 10, 2010 · 2 comments


None yet
1 participant

Johannes Scharf (Migrated from SEC-1620) said:

The reference doc of the "filters" attribute from the element says, that the value "none" excludes the matched request from Spring Security's filter chain entirely.

I think that's not true as the element only configures the FilterInvocationSecurityMetadataSource which is used by the FilterSecurityInterceptor and NOT by the FilterChainProxy.
Therefore setting the filters attribute to "none" does not exclude the request from the Spring Security filter chain entirely, right?

This issue may also affect the reference doc of Spring Security 2.0.

Luke Taylor said:

The docs are correct.

Note also that this syntax is no longer supported in 3.1.

Johannes Scharf said:

Sorry, there was a problem with our configuration which caused me to think that filters="none" would not exclude the request from the filter chain.

@spring-issuemaster spring-issuemaster added this to the 3.1.0.M2 milestone Feb 5, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment