Skip to content

Deprecate shouldFilterAllDispatcherTypes #12138

New issue
Jump to bottom
New issue
Jump to bottom
Closed
Closed
Deprecate shouldFilterAllDispatcherTypes#12138
Assignees
marcusdacoregio
Labels
in: configAn issue in spring-security-configtype: enhancementA general enhancement
Milestone
 
6.1.0-RC1
@marcusdacoregio

Description

@marcusdacoregio
marcusdacoregio
opened on Nov 3, 2022

The shouldFilterAllDispatcherTypes property was added to configure the AuthorizationFilter to apply to every dispatcher type.

In Spring Security 5, the default value is false and in Spring Security 6 it is true.
It is not recommended to set this property to false just to not apply to all the dispatcher types, instead, the dispatcher types should be permitted using the security DSL.

Instead of:

@Bean
SecurityFilterChain filterChain(HttpSecurity http) {
    http
        .authorizeHttpRequests((authz) -> authz
           .shouldFilterAllDispatcherTypes(false)
        );
}

do:

@Bean
SecurityFilterChain filterChain(HttpSecurity http) {
    http
        .authorizeHttpRequests((authz) -> authz
           .dispatcherTypeMatchers(DispatcherType.ERROR, DispatcherType.ASYNC).permitAll()
        );
}

Metadata

Assignees

Labels

in: configAn issue in spring-security-configtype: enhancementA general enhancement

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions