Rob Winch
Rob Winch
I'd have to give this some thought. At first glance I'd say that they should be in web.authentication. I'm trying to remember if there were any conscious decisions to make...
@maskedpirate No updates. Would you be interested in submitting a pull request?
No updates at this time.
Are you speaking about making it more explicit between the matchers on `HttpSecurity` and the authorization rules?
I think that makes sense and have thought about it a bit. I'd prefer not exposing implementation details like `filterChainMatchers` in the DSL. I think something like this would be...
I think my concern is that the DLS tries to hide the implementation details (i.e that FilterChainProxy is used under the covers). Instead, I think it makes more sense to...
@rstoyanchev It looks like @SpComb analysis is correct. Spring Security's `OnComittedResponseWrapper` is detecting that the response is about to be committed, so it then tries to write the headers before...
Since this is a breaking change, we should consider this for 6.0.x or close the issue
I think this is a good start. I agree with you that we should create specific interfaces. An interesting observation is that CsrfAuthenticationStrategy can reuse the logic for setting the...
Thanks for the feedback. Generally speaking the reactive repositories won't save the token unless something subscribed to the result. This is because if nothing subscribed, there is no way that...