mirror of
https://github.com/spring-projects/spring-boot.git
synced 2024-08-29 03:06:45 +08:00
4bd3534b7d
Spring Security now filters every dispatch by default and not only once-per-request. Security configuration has been updated in a number of places to restore the old behavior as needed for the tests to pass. gh-31703 has been opened to review this and to investigate if we can now remove the error page security filter and rely on the filtering of every dispatch instead. In addition to switching to once-per-request filtering where needed, this commit also restructures the configuration of the error page security filter. The restructuring was necessary to ensure that the privilege evaluator bean has been defined before the conditions on the error page security filter are evaluated. Without the change, the filter was no longer being configured as the privilege evaluator hadn't been defined before the on bean condition was evaluated. We may want to back port this change as the ordering doesn't appear to have been defined before and we were just getting lucky. See gh-31622 See spring-projects/spring-security#11466 |
||
|---|---|---|
| .. | ||
| src | ||
| build.gradle | ||