SEC-2723: Add meta-data to bean definitions of Spring Security Filter beans identifying them as "inner" #2948
Labels
in: config
An issue in spring-security-config
in: core
An issue in spring-security-core
type: enhancement
A general enhancement
type: jira
An issue that was migrated from JIRA
Comments
spring-projects-issues
added
in: core
rwinch
added
in: config
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Dave Syer (Migrated from SEC-2723) said:
Add meta-data to bean definitions of Spring Security Filter beans identifying them as "inner", meaning that they have the Filter interface, but are not registered with the ServletContext (in retrospect maybe a different interface would have been better, but it's too late for that). The Filter beans created by Spring Security (with the exception of the global "springSecurityFilterChain"), and the ones added as custom filters, often trip up users of Spring Boot. If Spring Security could help us identify those beans it would make it easier to exclude them from the ServletContext.
The text was updated successfully, but these errors were encountered: