Make it easier to determine where a filter chain has been defined #15874
Labels
for: team-attention
This ticket should be discussed as a team before proceeding
in: config
An issue in spring-security-config
type: enhancement
A general enhancement
Expected Behavior
When there a multiple filter chains configured for any request, Spring Security should make it as easy as possible for the user to correct their configuration mistake by clearly identifying the filter chains that are involved.
Current Behavior
An app fails to start with an exception like this:
For me, describing a filter chain purely in terms of the filters that it contains isn't as helpful as it could be. Thanks to the DSL, the specific filters and their class names are an implementation detail. I find it difficult to map the list of 10+ filters back to a particular piece of configuration where the problematic filter chain was defined and I'd like Spring Security to do that for me. Perhaps it could provide some origin information (the name of the bean?) where each filter chain that's involved in the problem was defined?
Context
I found this while trying to adapt to the deprecation of
OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http)
in the AOT smoke test for authorization server:The above was my first attempt at following the advice in the deprecation notice. After looking at the code that was deprecated and what it does, it would appear that the following is what was needed in this case:
The text was updated successfully, but these errors were encountered: