GitHub-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Clarify authorize-http-requests docs 

Issue gh-11467
pull/11464/head
Marcus Da Coregio 3 years ago
parent
64ba31aebb
commit
9608eaa138
1 changed files with 2 additions and 6 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 8
      docs/modules/ROOT/pages/servlet/authorization/authorize-http-requests.adoc

8
docs/modules/ROOT/pages/servlet/authorization/authorize-http-requests.adoc
Unescape View File

@ -206,8 +206,8 @@ open fun web(http: HttpSecurity): SecurityFilterChain { @@ -206,8 +206,8 @@ open fun web(http: HttpSecurity): SecurityFilterChain {
----
====
Now with the authorization rules applying to all dispatcher types, you have more control of the authorization on them.
For example, you may want to configure `shouldFilterAllDispatcherTypes` to `true` but not apply authorization on requests with dispatcher type `ASYNC` or `FORWARD`.
Instead of setting `shouldFilterAllDispatcherTypes` to `false`, the recommended approach is to customize authorization on the dispatcher types.
For example, you may want to grant all access on requests with dispatcher type `ASYNC` or `FORWARD`.
.Permit ASYNC and FORWARD dispatcher type
====
@ -218,7 +218,6 @@ For example, you may want to configure `shouldFilterAllDispatcherTypes` to `true @@ -218,7 +218,6 @@ For example, you may want to configure `shouldFilterAllDispatcherTypes` to `true
SecurityFilterChain web(HttpSecurity http) throws Exception {
http
.authorizeHttpRequests((authorize) -> authorize
.shouldFilterAllDispatcherTypes(true)
.dispatcherTypeMatchers(DispatcherType.ASYNC, DispatcherType.FORWARD).permitAll()
.anyRequest().authenticated()
)
@ -234,7 +233,6 @@ SecurityFilterChain web(HttpSecurity http) throws Exception { @@ -234,7 +233,6 @@ SecurityFilterChain web(HttpSecurity http) throws Exception {
open fun web(http: HttpSecurity): SecurityFilterChain {
http {
authorizeHttpRequests {
shouldFilterAllDispatcherTypes = true
authorize(DispatcherTypeRequestMatcher(DispatcherType.ASYNC, DispatcherType.FORWARD), permitAll)
authorize(anyRequest, authenticated)
}
@ -255,7 +253,6 @@ You can also customize it to require a specific role for a dispatcher type: @@ -255,7 +253,6 @@ You can also customize it to require a specific role for a dispatcher type:
SecurityFilterChain web(HttpSecurity http) throws Exception {
http
.authorizeHttpRequests((authorize) -> authorize
.shouldFilterAllDispatcherTypes(true)
.dispatcherTypeMatchers(DispatcherType.ERROR).hasRole("ADMIN")
.anyRequest().authenticated()
)
@ -271,7 +268,6 @@ SecurityFilterChain web(HttpSecurity http) throws Exception { @@ -271,7 +268,6 @@ SecurityFilterChain web(HttpSecurity http) throws Exception {
open fun web(http: HttpSecurity): SecurityFilterChain {
http {
authorizeHttpRequests {
shouldFilterAllDispatcherTypes = true
authorize(DispatcherTypeRequestMatcher(DispatcherType.ERROR), hasRole("ADMIN"))
authorize(anyRequest, authenticated)
}

Write Preview
Loading…
Cancel
Save