Closed dsyer closed 11 years ago
Thanks for logging this. I want to provide this note for myself when I look into this:
the thing is though that something like this also overrides:
http
.httpBasic()
.authenticationEntryPoint(entryPoint())
.and()
.httpBasic()
.authenticationEntryPoint(otherEntryPoint())
Rob Winch: I'm not sure if we will be able to prevent such situations with all the options available
I think this is a won't fix and refer to the (now added) javadoc on what is overridden
It's a bit confusing (for me) at the minute that it is optional to provide a matcher to HttpConfiguration, but that it still allows you to add one later.
http.httpBasic().and().antMatcher("/foo")
seems unintuitive and I think should be made impossible by the DSL.
Rob Winch: I don't want to require the user to make requestMatchers("/**") for the default case though David Syer: http.antMatcher("/foo").antMatcher("/bar").httpBasic() is legal Rob Winch: I see what you are saying David Syer: maybe the default case would be http.matchAll()? Rob Winch: I don't want them to need to specify the matchAll but I see what you are saying there David Syer: I wouldn't mind having to specify matchAll() as long as it was clear I had to do that to add any filters