Uploaded image for project: 'Spring Security'
  1. Spring Security
  2. SEC-989

Spring Security Reference Documentation 2.0.x incorrectly includes <intercept-url> in <http> auto-config

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 2.0.3
    • Fix Version/s: 3.0.0 M1
    • Component/s: Docs and Website
    • Labels:
      None

      Description

      In section 2.2.2.1, "What does auto-config include", the documentation states that

      <intercept-url pattern="/**" access="ROLE_USER"/>

      is part of the default configuration. Behaviorally this does not seem to be the case (I tested it), and the HttpSecurityBeanDefinitionParser.java source seems to confirm that no intercept URLs are included as part of the default configuration.

        Activity

        Hide
        luke Luke Taylor added a comment -

        Thanks. This was probably left over from early design days.

        Show
        luke Luke Taylor added a comment - Thanks. This was probably left over from early design days.

          People

          • Assignee:
            luke Luke Taylor
            Reporter:
            wwheeler Willie Wheeler
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: