From 9608eaa1388a10c5c1d21e93461cc60ea7cdb5ca Mon Sep 17 00:00:00 2001
From: Marcus Da Coregio
Date: Thu, 14 Jul 2022 10:19:31 -0300
Subject: [PATCH] Clarify authorize-http-requests docs

Issue gh-11467
---
 .../servlet/authorization/authorize-http-requests.adoc | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/docs/modules/ROOT/pages/servlet/authorization/authorize-http-requests.adoc b/docs/modules/ROOT/pages/servlet/authorization/authorize-http-requests.adoc
index 844d867bd1..b80fb69124 100644
--- a/docs/modules/ROOT/pages/servlet/authorization/authorize-http-requests.adoc
+++ b/docs/modules/ROOT/pages/servlet/authorization/authorize-http-requests.adoc
@@ -206,8 +206,8 @@ open fun web(http: HttpSecurity): SecurityFilterChain {
 ----
 ====
 
-Now with the authorization rules applying to all dispatcher types, you have more control of the authorization on them.
-For example, you may want to configure `shouldFilterAllDispatcherTypes` to `true` but not apply authorization on requests with dispatcher type `ASYNC` or `FORWARD`.
+Instead of setting `shouldFilterAllDispatcherTypes` to `false`, the recommended approach is to customize authorization on the dispatcher types.
+For example, you may want to grant all access on requests with dispatcher type `ASYNC` or `FORWARD`.
 
 .Permit ASYNC and FORWARD dispatcher type
 ====
@@ -218,7 +218,6 @@ For example, you may want to configure `shouldFilterAllDispatcherTypes` to `true
 SecurityFilterChain web(HttpSecurity http) throws Exception {
 http
 .authorizeHttpRequests((authorize) -> authorize
- .shouldFilterAllDispatcherTypes(true)
 .dispatcherTypeMatchers(DispatcherType.ASYNC, DispatcherType.FORWARD).permitAll()
 .anyRequest().authenticated()
 )
@@ -234,7 +233,6 @@ SecurityFilterChain web(HttpSecurity http) throws Exception {
 open fun web(http: HttpSecurity): SecurityFilterChain {
 http {
 authorizeHttpRequests {
- shouldFilterAllDispatcherTypes = true
 authorize(DispatcherTypeRequestMatcher(DispatcherType.ASYNC, DispatcherType.FORWARD), permitAll)
 authorize(anyRequest, authenticated)
 }
@@ -255,7 +253,6 @@ You can also customize it to require a specific role for a dispatcher type:
 SecurityFilterChain web(HttpSecurity http) throws Exception {
 http
 .authorizeHttpRequests((authorize) -> authorize
- .shouldFilterAllDispatcherTypes(true)
 .dispatcherTypeMatchers(DispatcherType.ERROR).hasRole("ADMIN")
 .anyRequest().authenticated()
 )
@@ -271,7 +268,6 @@ SecurityFilterChain web(HttpSecurity http) throws Exception {
 open fun web(http: HttpSecurity): SecurityFilterChain {
 http {
 authorizeHttpRequests {
- shouldFilterAllDispatcherTypes = true
 authorize(DispatcherTypeRequestMatcher(DispatcherType.ERROR), hasRole("ADMIN"))
 authorize(anyRequest, authenticated)
 }