Spring Security
  1. Spring Security
  2. SEC-1152

auto-config changes: Move <anonymous> to default configuration

    Details

    • Type: Improvement Improvement
    • Status: Closed
    • Priority: Minor Minor
    • Resolution: Fixed
    • Affects Version/s: 2.0.4
    • Fix Version/s: 3.0.0 M1
    • Component/s: None
    • Labels:
      None

      Description

      An AnonymousProcessingFilter should probably be added to the configuration by default, rather than only with auto-config, with the option of disabling it by using an "enabled" flag on the element:

      <anonymous enabled="false" />

      The AnonymousProcessingFilter has very little impact on most apps, but some users try to use the corresponding IS_AUTHENTICATED attributes without auto-config enabled and don't realise why it doesn't work.

        Activity

        Hide
        Luke Taylor added a comment -

        Remember-me part was already done (SEC-1044). Changing description to apply only to anonymous auth.

        Show
        Luke Taylor added a comment - Remember-me part was already done ( SEC-1044 ). Changing description to apply only to anonymous auth.
        Hide
        Luke Taylor added a comment -

        I've modified HttpSecurityBeanDefinitionParser and its tests to enable the anonymous filter by default.

        Show
        Luke Taylor added a comment - I've modified HttpSecurityBeanDefinitionParser and its tests to enable the anonymous filter by default.

          People

          • Assignee:
            Luke Taylor
            Reporter:
            Luke Taylor
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: