Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove FilterSecurityInterceptor from WebSecurity #11325

Closed
marcusdacoregio opened this issue Jun 2, 2022 · 3 comments
Closed

Remove FilterSecurityInterceptor from WebSecurity #11325

marcusdacoregio opened this issue Jun 2, 2022 · 3 comments
Assignees
@marcusdacoregio
Labels
in: web An issue in web modules (web, webmvc) type: enhancement A general enhancement
Milestone
6.0.0-M7

Comments

@marcusdacoregio
Copy link
Contributor

FilterSecurityInterceptor will be deprecated in 5.8 in favor of the new AuthorizationFilter.

This is part of the work of removing all the places that use the FilterSecurityInterceptor and related classes.
@marcusdacoregio marcusdacoregio added in: web An issue in web modules (web, webmvc) type: enhancement A general enhancement labels Jun 2, 2022
@marcusdacoregio marcusdacoregio added this to the 6.0.x milestone Jun 2, 2022
@jzheaux
Copy link
Contributor

jzheaux commented Jun 7, 2022

Is it possible to create an opt-in strategy in 5.8 that allows applications to start using AuthorizationManager in advance of the defaults changing in 6.0?

@marcusdacoregio
Copy link
Contributor Author

The FilterSecurityInterceptor in WebSecurity is only used to create an instance of WebInvocationPrivilegeEvaluator. If folks are using authorizeHttpRequests the configuration picks up the AuthenticationFilter#getAuthorizationManager and creates an instance of AuthorizationManagerWebInvocationPrivilegeEvaluator instead.

Do you think that we still really need a strategy for that? If so, what that would look like?

@jzheaux
Copy link
Contributor

jzheaux commented Jun 22, 2022

I see. I missed that securityInterceptor was deprecated. As a side note, perhaps the @Deprecated annotation should be added in addition to the JavaDoc marker that's already there?

@marcusdacoregio marcusdacoregio self-assigned this Jul 27, 2022
@marcusdacoregio marcusdacoregio changed the title Replace FilterSecurityInterceptor with AuthorizationFilter in WebSecurity Remove FilterSecurityInterceptor from WebSecurity Aug 2, 2022
@marcusdacoregio marcusdacoregio modified the milestones: 6.0.x, 6.0.0-M7 Aug 2, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@marcusdacoregio marcusdacoregio

Labels
in: web An issue in web modules (web, webmvc) type: enhancement A general enhancement
Projects
Spring Security Team
Status: Done
Milestone
6.0.0-M7
Development

No branches or pull requests
2 participants
@jzheaux @marcusdacoregio