Spring Security
  1. Spring Security
  2. SEC-1175

Default anonymous principal username differs in docs and in code.

    Details

    • Type: Improvement Improvement
    • Status: Closed
    • Priority: Minor Minor
    • Resolution: Fixed
    • Affects Version/s: 2.0.4
    • Fix Version/s: 3.0.0 M2
    • Component/s: Web
    • Labels:
      None

      Description

      spring-security-2.0.4.xsd states the following (line 1141):
      The username that should be assigned to the anonymous request. This allows the principal to be identified, which may be important for logging and auditing. if unset, defaults to "anonymousUser".
      Whereas the real default username is "roleAnonymous" (see org.springframework.security.config.AnonymousBeanDefinitionParser:26)

        Activity

        Hide
        Luke Taylor added a comment -

        I've updated the parser class to use the name "anonymousUser" which I think makes more sense than the existing name (which was probably a typo). It shoudn't make much difference to most users as the information in the anonymous token is rarely required.

        Show
        Luke Taylor added a comment - I've updated the parser class to use the name "anonymousUser" which I think makes more sense than the existing name (which was probably a typo). It shoudn't make much difference to most users as the information in the anonymous token is rarely required.

          People

          • Assignee:
            Luke Taylor
            Reporter:
            Max Ishchenko
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: