Spring Security
  1. Spring Security
  2. SEC-989

Spring Security Reference Documentation 2.0.x incorrectly includes <intercept-url> in <http> auto-config

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Minor Minor
    • Resolution: Fixed
    • Affects Version/s: 2.0.3
    • Fix Version/s: 3.0.0 M1
    • Component/s: Docs and Website
    • Labels:
      None

      Description

      In section 2.2.2.1, "What does auto-config include", the documentation states that

      <intercept-url pattern="/**" access="ROLE_USER"/>

      is part of the default configuration. Behaviorally this does not seem to be the case (I tested it), and the HttpSecurityBeanDefinitionParser.java source seems to confirm that no intercept URLs are included as part of the default configuration.

        Activity

        Hide
        Luke Taylor added a comment -

        Thanks. This was probably left over from early design days.

        Show
        Luke Taylor added a comment - Thanks. This was probably left over from early design days.

          People

          • Assignee:
            Luke Taylor
            Reporter:
            Willie Wheeler
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: