Comments (2)
CrazyParanoid
commented on September 28, 2024
Hi @jzheaux. This will only work with DefaultSecurityFilterChain, so I added the necessary check. But one question worries me - how many people used this, thinking that it was not a bug but a feature? And won't they get an unpleasant surprise?
from spring-security.
jzheaux
commented on September 28, 2024
Good question, @CrazyParanoid. Yes, it may be a surprise, though it's an important one since their configuration is broken. When an any-request filter chain comes before another filter chain, that second filter chain is never consulted, perhaps unbeknownst to the developer. Updating to the next minor release will help them fix this configuration bug.
from spring-security.
Related Issues (20)
- Make Security Observations Selectable
- Support Global Observation Convention Configuration
- Update eclipse/vscode configuration to use -parameters
- Update eclipse/vscode configuration to use -parameters
- Disabling credentials erasure on custom AuthenticationManager is not working HOT 5
- Possible bug in AbstractRequestMatcherRegistry#requireOnlyPathMappedDispatcherServlet? (DispatcherServlet not found when resolving request matcher) HOT 1
- Dynamic Configuration of SecurityWebFilterChain with ServerHttpSecurity and Potential for Improvement HOT 1
- Spring Session / Security - Redis Sessions not being properly deleted HOT 2
- Full authentication is required to access this resource HOT 3
- Support `@AuthorizedReturnObject` for Java Records
- Consider a better default for OTT's `GeneratedOneTimeTokenHandler` HOT 1
- Add One-Time Token Login support to Kotlin DSL
- Add Reactive One-Time Token Login support HOT 3
- Make AuthorizationAnnotationUtils public HOT 1
- When saml 2.0 is hitting the oAuth using open saml session data is getting appended to url hence exposing the data.We are on upgraded 2.0 saml. HOT 3
- Supporting logout+jwt for back-channel logout with spring-webflux HOT 1
- Documentation inconsistency in AuthorizationManager's verify method return type HOT 1
- Spring security without spring or spring boot
- Throw AuthorizationDeniedException when AuthorizationResult is available HOT 3
- Provide a way to customize the default RequestCache without replacing the entire implementation HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from spring-security.