Spring Security / SEC-1620

Wrong description of attribute "filters" from <intercept-url> Element

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Invalid
    • Affects Version/s: 3.0.0
    • Fix Version/s: 3.1.0.M2
    • Component/s: Docs and Website
    • Labels:
      None

      Description

      The reference doc of the "filters" attribute from the <intercept-url> element says that the value "none" excludes the matched request from Spring Security's filter chain entirely.

      I think that's not true as the <intercept-url> element only configures the FilterInvocationSecurityMetadataSource which is used by the FilterSecurityInterceptor and NOT by the FilterChainProxy.
      Therefore setting the filters attribute to "none" does not exclude the request from the Spring Security filter chain entirely, right?

      This issue may also affect the reference doc of Spring Security 2.0.

        Activity

        Luke Taylor added a comment -

        The docs are correct.

        Note also that this syntax is no longer supported in 3.1.

        Johannes Scharf added a comment -

        Sorry, there was a problem with our configuration which caused me to think that filters="none" would not exclude the request from the filter chain.

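The two configuration forms this issue refers to, shown as an added example that is not part of the original issue or of the Spring Security reference documentation. The URL patterns and the `ROLE_USER` rule are assumed placeholders, and the two fragments are alternatives for different versions, not one file.

```xml
<!-- Spring Security 3.0.x: filters="none" on <intercept-url> -->
<http>
    <!-- Requests matching this pattern are mapped to an empty filter list,
         so they bypass the whole Spring Security filter chain: no
         SecurityContext is loaded and no authentication or access check runs. -->
    <intercept-url pattern="/static/**" filters="none"/>

    <!-- An access rule, by contrast, still passes through every filter and
         is evaluated at the end of the chain by FilterSecurityInterceptor. -->
    <intercept-url pattern="/**" access="ROLE_USER"/>
    <form-login/>
</http>

<!-- Spring Security 3.1 and later: the filters attribute is no longer
     supported; the bypass is declared on its own pattern-scoped <http>
     element with security="none". -->
<http pattern="/static/**" security="none"/>
<http>
    <intercept-url pattern="/**" access="ROLE_USER"/>
    <form-login/>
</http>
```

Because nothing in the security filter chain runs for a bypassed pattern, it should match only content that needs no protection and no access to the current user.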

          People

          • Assignee: Luke Taylor
          • Reporter: Johannes Scharf
          • Votes: 0
          • Watchers: 0
