Uploaded image for project: 'Spring Security'
  1. Spring Security
  2. SEC-1620

Wrong description of attribute "filters" from <intercept-url> Element

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Invalid
    • Affects Version/s: 3.0.0
    • Fix Version/s: 3.1.0.M2
    • Component/s: Docs and Website
    • Labels:
      None

      Description

      The reference doc of the "filters" attribute from the <intercept-url> element says, that the value "none" excludes the matched request from Spring Security's filter chain entirely.

      I think that's not true as the <intercept-url> element only configures the FilterInvocationSecurityMetadataSource which is used by the FilterSecurityInterceptor and NOT by the FilterChainProxy.
      Therefore setting the filters attribute to "none" does not exclude the request from the Spring Security filter chain entirely, right?

      This issue may also affect the reference doc of Spring Security 2.0.

        Activity

        Hide
        luke Luke Taylor added a comment -

        The docs are correct.

        Note also that this syntax is no longer supported in 3.1.

        Show
        luke Luke Taylor added a comment - The docs are correct. Note also that this syntax is no longer supported in 3.1.
        Hide
        scharfj Johannes Scharf added a comment -

        Sorry, there was a problem with our configuration which caused me to think that filters="none" would not exclude the request from the filter chain.

        Show
        scharfj Johannes Scharf added a comment - Sorry, there was a problem with our configuration which caused me to think that filters="none" would not exclude the request from the filter chain.

          People

          • Assignee:
            luke Luke Taylor
            Reporter:
            scharfj Johannes Scharf
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: