Leave Filter Chain Observations Off By Default #15858
Assignees
Labels
in: config
An issue in spring-security-config
type: breaks-passivity
A change that breaks passivity with the previous release
type: enhancement
A general enhancement
Milestone
Comments
jzheaux
added
in: config
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The current default in Spring Security is that all its observations--filter chain, authentication, and authorization--are made.
In #15678,
SecurityObservationSettingswas added so that applications could easily change these settings. Its default is that filter chain observations are off. That is, one can opt-in to the new set of defaults by publishing this bean.This should become the default setting even if there isn't a
SecurityObservationSettingsbean present.The text was updated successfully, but these errors were encountered: