From 17b9f3335181c9bbce6d95ec9dc2ea7e3c3481f5 Mon Sep 17 00:00:00 2001 From: Rob Winch Date: Tue, 29 Oct 2013 13:07:10 -0500 Subject: [PATCH] SEC-2378: Fix CSRF MultipartFilter doc typo --- docs/manual/src/asciidoctor/index.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/manual/src/asciidoctor/index.adoc b/docs/manual/src/asciidoctor/index.adoc index f583eb96c2..64b646d195 100644 --- a/docs/manual/src/asciidoctor/index.adoc +++ b/docs/manual/src/asciidoctor/index.adoc @@ -3105,7 +3105,7 @@ More information about using multipart forms with Spring can be found within the [[csrf-multipartfilter]] ====== Placing MultipartFilter before Spring Security -The first option is to ensure that the `MultipartFilter` is specified before the Spring Security filter. Specifying the `MultipartFilter` after the Spring Security filter means that there is no authorization for invoking the `MultipartFilter` which means anyone can place temporary files on your server. However, only authorized users will be able to submit a File that is processed by your application. In general, this is the recommended approach because the temporary file upload should have a negligble impact on most servers. +The first option is to ensure that the `MultipartFilter` is specified before the Spring Security filter. Specifying the `MultipartFilter` before the Spring Security filter means that there is no authorization for invoking the `MultipartFilter` which means anyone can place temporary files on your server. However, only authorized users will be able to submit a File that is processed by your application. In general, this is the recommended approach because the temporary file upload should have a negligble impact on most servers. To ensure `MultipartFilter` is specified before the Spring Security filter with java configuration, users can override beforeSpringSecurityFilterChain as shown below:
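Review bot: The added line in the `csrf-multipartfilter` paragraph still carries the misspelling "negligble" in "should have a negligble impact on most servers"; since this commit already rewrites that line, fix it to "negligible" here. Two further points on the same hunk. First, the subject calls this a doc typo, but replacing "after" with "before" reverses which filter ordering leaves `MultipartFilter` without authorization, so the commit message should say that the security statement itself was corrected. Second, the corrected paragraph now tells readers that anyone can place temporary files on the server under the recommended ordering, and backs that only with the "negligible impact" remark; consider adding a sentence advising readers to cap the multipart upload size and to make sure temporary files are cleaned up, so that unauthenticated uploads cannot exhaust disk space.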