Главная Обзор Помощь
Регистрация Вход
github
/
spring-security
зеркало из https://github.com/spring-projects/spring-security
2
0
Ответвить 0
Файлы Задачи 0 Вики
Просмотр исходного кода

Clarify authorize-http-requests docs

Issue gh-11467
Marcus Da Coregio 3 лет назад
Родитель
64ba31aebb
Сommit
9608eaa138
1 измененных файлов с 2 добавлено и 6 удалено
Разделённый вид Показать статистику Diff
  1. 2 6
      docs/modules/ROOT/pages/servlet/authorization/authorize-http-requests.adoc

+ 2 - 6
docs/modules/ROOT/pages/servlet/authorization/authorize-http-requests.adoc
Просмотреть файл 

@@ -206,8 +206,8 @@ open fun web(http: HttpSecurity): SecurityFilterChain {
 
 ----
 
 ====
 
 
-Now with the authorization rules applying to all dispatcher types, you have more control of the authorization on them.
 
-For example, you may want to configure `shouldFilterAllDispatcherTypes` to `true` but not apply authorization on requests with dispatcher type `ASYNC` or `FORWARD`.
 
+Instead of setting `shouldFilterAllDispatcherTypes` to `false`, the recommended approach is to customize authorization on the dispatcher types.
 
+For example, you may want to grant all access on requests with dispatcher type `ASYNC` or `FORWARD`.
 
 
 .Permit ASYNC and FORWARD dispatcher type
 
 ====
 
@@ -218,7 +218,6 @@ For example, you may want to configure `shouldFilterAllDispatcherTypes` to `true
 
 SecurityFilterChain web(HttpSecurity http) throws Exception {
 
     http
 
         .authorizeHttpRequests((authorize) -> authorize
 
-            .shouldFilterAllDispatcherTypes(true)
 
             .dispatcherTypeMatchers(DispatcherType.ASYNC, DispatcherType.FORWARD).permitAll()
 
             .anyRequest().authenticated()
 
         )
 
@@ -234,7 +233,6 @@ SecurityFilterChain web(HttpSecurity http) throws Exception {
 
 open fun web(http: HttpSecurity): SecurityFilterChain {
 
     http {
 
         authorizeHttpRequests {
 
-            shouldFilterAllDispatcherTypes = true
 
             authorize(DispatcherTypeRequestMatcher(DispatcherType.ASYNC, DispatcherType.FORWARD), permitAll)
 
             authorize(anyRequest, authenticated)
 
         }
 
@@ -255,7 +253,6 @@ You can also customize it to require a specific role for a dispatcher type:
 
 SecurityFilterChain web(HttpSecurity http) throws Exception {
 
     http
 
         .authorizeHttpRequests((authorize) -> authorize
 
-            .shouldFilterAllDispatcherTypes(true)
 
             .dispatcherTypeMatchers(DispatcherType.ERROR).hasRole("ADMIN")
 
             .anyRequest().authenticated()
 
         )
 
@@ -271,7 +268,6 @@ SecurityFilterChain web(HttpSecurity http) throws Exception {
 
 open fun web(http: HttpSecurity): SecurityFilterChain {
 
     http {
 
         authorizeHttpRequests {
 
-            shouldFilterAllDispatcherTypes = true
 
             authorize(DispatcherTypeRequestMatcher(DispatcherType.ERROR), hasRole("ADMIN"))
 
             authorize(anyRequest, authenticated)
 
         }