Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Improve Error Message for Conflicting Filter Chains #15992

Merged
merged 1 commit into from
Nov 7, 2024

Conversation

jzheaux
Copy link
Contributor

@jzheaux jzheaux commented Oct 25, 2024

This adds BeanNameAware to DefaultSecurityFilterChain to improve the information it can provide to logs.

A sample improved message looks like this:

A filter chain that matches any request [DefaultSecurityFilterChain defined as 'api1' in [org.example.FilterChainConfig] matching [any request] and having filters [DisableEncodeUrl, WebAsyncManagerIntegration, SecurityContextHolder, HeaderWriter, Csrf, Logout, RequestCacheAware, SecurityContextHolderAwareRequest, AnonymousAuthentication, ExceptionTranslation, Authorization]] has already been configured, which means that this filter chain [DefaultSecurityFilterChain defined as 'api2' in [org.example.FilterChainConfig] matching [Or [Mvc [pattern='/app/**']]] and having filters [DisableEncodeUrl, WebAsyncManagerIntegration, SecurityContextHolder, HeaderWriter, Csrf, Logout, RequestCacheAware, SecurityContextHolderAwareRequest, AnonymousAuthentication, ExceptionTranslation, Authorization]] will never get invoked. Please use HttpSecurity#securityMatcher to ensure that there is only one filter chain configured for 'any request' and that the 'any request' filter chain is published last.

Closes gh-15874

@jzheaux jzheaux added in: core An issue in spring-security-core type: enhancement A general enhancement labels Oct 25, 2024
@jzheaux jzheaux self-assigned this Oct 25, 2024
@jzheaux jzheaux added this to the 6.4.0 milestone Nov 7, 2024
@jzheaux jzheaux merged commit f46e56d into spring-projects:main Nov 7, 2024
6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
in: core An issue in spring-security-core type: enhancement A general enhancement
Projects
Status: No status
Development

Successfully merging this pull request may close these issues.

Make it easier to determine where a filter chain has been defined
1 participant