root
/
spring-boot
1
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
main
root-patch-6
root-patch-5
root-patch-4
root-patch-3
root-patch-2
root-patch-1
3.1.x
3.0.x
2.7.x
2.6.x
2.5.x
2.4.x
2.3.x
2.2.x
2.1.x
2.0.x
1.5.x
1.4.x
1.3.x
1.2.x
1.0.x
1.1.x
v3.2.0-M3
v3.1.4
v3.0.11
v2.7.16
v3.2.0-M2
v3.1.3
v3.0.10
v2.7.15
v3.2.0-M1
v3.1.2
v3.0.9
v2.7.14
v3.1.1
v3.0.8
v2.7.13
v3.1.0
v2.6.15
v2.5.15
v3.0.7
v2.7.12
v3.1.0-RC2
v3.1.0-RC1
v3.0.6
v2.7.11
v3.1.0-M2
v3.0.5
v2.7.10
v3.0.4
v3.1.0-M1
v3.0.3
v2.7.9
v3.0.2
v2.7.8
v3.0.1
v2.7.7
v3.0.0
v2.7.6
v2.6.14
v3.0.0-RC2
v3.0.0-RC1
v2.7.5
v2.6.13
v3.0.0-M5
v2.7.4
v2.6.12
v2.7.3
v2.6.11
v3.0.0-M4
v2.7.2
v2.6.10
v2.7.1
v2.6.9
v3.0.0-M3
v2.7.0
v2.6.8
v2.5.14
v2.7.0-RC1
v2.6.7
v2.5.13
v2.6.6
v2.5.12
v3.0.0-M2
v2.7.0-M3
v2.6.5
v2.5.11
v2.7.0-M2
v2.6.4
v2.5.10
v3.0.0-M1
v2.7.0-M1
v2.6.3
v2.5.9
v2.6.2
v2.5.8
v2.6.1
v2.6.0
v2.5.7
v2.4.13
v2.6.0-RC1
v2.5.6
v2.4.12
v2.6.0-M3
v2.5.5
v2.4.11
v2.6.0-M2
v2.5.4
v2.4.10
v2.6.0-M1
v2.5.3
v2.4.9
v2.5.2
v2.4.8
v2.5.1
v2.4.7
v2.3.12.RELEASE
v2.5.0
v2.4.6
v2.3.11.RELEASE
v2.5.0-RC1
v2.4.5
v2.3.10.RELEASE
v2.5.0-M3
v2.4.4
v2.5.0-M2
v2.4.3
v2.3.9.RELEASE
v2.5.0-M1
v2.4.2
v2.3.8.RELEASE
v2.2.13.RELEASE
v2.4.1
v2.3.7.RELEASE
v2.2.12.RELEASE
v2.4.0
v2.3.6.RELEASE
v2.4.0-RC1
v2.3.5.RELEASE
v2.2.11.RELEASE
v2.1.18.RELEASE
v2.4.0-M4
v2.4.0-M3
v2.3.4.RELEASE
v2.2.10.RELEASE
v2.1.17.RELEASE
v2.4.0-M2
v2.3.3.RELEASE
v2.3.2.RELEASE
v2.2.9.RELEASE
v2.1.16.RELEASE
v2.4.0-M1
v2.3.1.RELEASE
v2.2.8.RELEASE
v2.1.15.RELEASE
v2.3.0.RELEASE
v2.2.7.RELEASE
v2.1.14.RELEASE
v2.3.0.RC1
v2.3.0.M4
v2.2.6.RELEASE
v2.3.0.M3
v2.2.5.RELEASE
v2.1.13.RELEASE
v2.3.0.M2
v2.3.0.M1
v2.2.4.RELEASE
v2.2.3.RELEASE
v2.1.12.RELEASE
v2.2.2.RELEASE
v2.1.11.RELEASE
v2.2.1.RELEASE
v2.1.10.RELEASE
v2.2.0.RELEASE
v2.2.0.RC1
v2.1.9.RELEASE
v2.2.0.M6
v2.1.8.RELEASE
v2.2.0.M5
v2.1.7.RELEASE
v1.5.22.RELEASE
v2.2.0.M4
v2.1.6.RELEASE
v2.2.0.M3
v2.1.5.RELEASE
v1.5.21.RELEASE
v2.2.0.M2
v2.1.4.RELEASE
v2.0.9.RELEASE
v1.5.20.RELEASE
v2.2.0.M1
v2.1.3.RELEASE
v2.1.2.RELEASE
v2.0.8.RELEASE
v1.5.19.RELEASE
v2.1.1.RELEASE
v2.0.7.RELEASE
v1.5.18.RELEASE
v2.1.0.RELEASE
v2.1.0.RC1
v2.0.6.RELEASE
v1.5.17.RELEASE
v2.1.0.M4
v2.1.0.M3
v2.0.5.RELEASE
v1.5.16.RELEASE
v2.1.0.M2
v2.1.0.M1
v2.0.4.RELEASE
v1.5.15.RELEASE
v2.0.3.RELEASE
v1.5.14.RELEASE
v2.0.2.RELEASE
v1.5.13.RELEASE
v1.5.12.RELEASE
v2.0.1.RELEASE
v1.5.11.RELEASE
v2.0.0.RELEASE
v2.0.0.RC2
v2.0.0.RC1
v1.5.10.RELEASE
v2.0.0.M7
v1.5.9.RELEASE
v2.0.0.M6
v1.5.8.RELEASE
v2.0.0.M5
v2.0.0.M4
v1.5.7.RELEASE
v1.5.6.RELEASE
v2.0.0.M3
v1.5.5.RELEASE
v2.0.0.M2
v1.5.4.RELEASE
v1.4.7.RELEASE
v2.0.0.M1
v1.5.3.RELEASE
v1.4.6.RELEASE
v1.5.2.RELEASE
v1.4.5.RELEASE
v1.5.1.RELEASE
v1.5.0.RELEASE
v1.4.4.RELEASE
v1.5.0.RC1
v1.4.3.RELEASE
v1.4.2.RELEASE
v1.4.1.RELEASE
v1.3.8.RELEASE
v1.4.0.RELEASE
v1.3.7.RELEASE
v1.4.0.RC1
v1.3.6.RELEASE
v1.4.0.M3
v1.3.5.RELEASE
v1.3.4.RELEASE
v1.4.0.M2
v1.4.0.M1
v1.3.3.RELEASE
v1.3.2.RELEASE
v1.3.1.RELEASE
v1.2.8.RELEASE
v1.3.0.RELEASE
v1.3.0.RC1
v1.2.7.RELEASE
v1.2.6.RELEASE
v1.3.0.M5
v1.3.0.M4
v1.3.0.M3
v1.3.0.M2
v1.2.5.RELEASE
v1.3.0.M1
v1.2.4.RELEASE
v1.2.3.RELEASE
v1.1.12.RELEASE
v1.2.2.RELEASE
v1.1.11.RELEASE
v1.2.1.RELEASE
v1.1.10.RELEASE
v1.2.0.RELEASE
v1.2.0.RC2
v1.2.0.RC1
v1.1.9.RELEASE
v1.2.0.M2
v1.1.8.RELEASE
v1.1.7.RELEASE
v1.2.0.M1
v1.1.6.RELEASE
v1.1.5.RELEASE
v1.1.4.RELEASE
v1.1.3.RELEASE
v1.1.2.RELEASE
v1.1.1.RELEASE
v1.1.0.RELEASE
v1.1.0.RC1
v1.1.0.M2
v1.1.0.M1
v1.0.2.RELEASE
v1.0.1.RELEASE
v1.0.0.RELEASE
v1.0.0.RC5
v1.0.0.RC4
v1.0.0.RC3
v1.0.0.RC2
v1.0.0.RC1
v0.5.0.M7
v0.5.0.M6
v0.5.0.M5
v0.5.0.M4
v0.5.0.M3
v0.5.0.M1
v0.5.0.M2
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '9a7baf195e'
${ noResults }
spring-boot/spring-boot-autoconfigure
History
Andy Wilkinson 02d7e2826c Don’t call ignoring.antMatchers([]) as empty array now maps to /** 
Previously, if security.ignored was set to none and the error controller
was disabled, there would be no paths to ignore and we would call
IgnoredRequestConfigurer.antMatchers with an empty array. While a bit
pointless, this had no effect on Spring Security’s configuration.

This behaviour has changed in the latest 4.0.3 snapshots [1]. An empty
array passed to IgnoredRequestConfigurer.antMatchers now maps to /**. As
Spring Boot configures its ignored paths with highest precedence this
means that security is now disabled for every path.

This commit updates both the management security and application
security configuration to avoid calling antMatchers with an empty
array, thereby ensuring that we don’t inadvertently ignore every path.
Even if the change to Spring Security is reverted we can keep this
change. The behaviour will remain the same and, arguably, it makes the
intent of our configuration clearer.

Closes gh-4345

[1] 8663ac4173
 		9 years ago
..
src Don’t call ignoring.antMatchers([]) as empty array now maps to /** 9 years ago
pom.xml Next Development Version 9 years ago