Javadoc for AuthorizationFilter#filterErrorDispatch is wrong

[HackSung]

In the Spring Security 6.1.1,
The javadoc for the setFilterErrorDispatch method of the AuthorizationFilter class states that the default value of the filterErrorDispatch property is false.
However, in the AuthorizationFilter code, it is implemented as follows
private boolean filterErrorDispatch = true;

Shouldn't it modify the default value to false?
The same goes for filterAsyncDispatch.

[HackSung]

@marcusdacoregio
First, Thank you for your quick action.
Actually, I was expecting to modify the filterErrorDispatch property to false in the code,
not to modify the default to true in the javadoc of filterErrorDispatch.
The reason is that in the Spring Boot, the default dispatcher type for filter is only DispatcherType.REQUST and DispatcherType.ERROR is missing.
Similarly, wouldn't it be more common for AuthorizationFilter to omit cases where the dispatcher type is ERROR?

[marcusdacoregio]

Hi @HackSung, since 6.0 Spring Security applies authorization to every dispatcher type, and Spring Boot is also aligned with that. If you want to allow access to a dispatcher type you must do it explicitly