Skip to content

Authorization on Every Dispatch Type #11027

New issue
New issue
Closed
Closed
Authorization on Every Dispatch Type#11027
Assignees
marcusdacoregio
Labels
in: webAn issue in web modules (web, webmvc)type: breaks-passivityA change that breaks passivity with the previous releasetype: enhancementA general enhancement
Milestone
 
6.0.0-M4
@rwinch

Description

@rwinch
rwinch
opened on Mar 25, 2022

Currently FilterSecurityInterceptor and AuthorizationFilter only perform authorization checks on the first request. Authorization should be performed on dispatch. We should make it simple to permitAll on other dispatch types for users that do not wish to do this.

NOTE: We may consider only making these changes to AuthorizationFilter rather than FilterSecurityInterceptor since we are moving towards using AuthorizationManager rather than the old authorization APIs.

Related gh-10919

Metadata

Metadata

Assignees

Labels

in: webAn issue in web modules (web, webmvc)type: breaks-passivityA change that breaks passivity with the previous releasetype: enhancementA general enhancement

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions