Here's a link to the latest documentation:
https://docs.spring.io/spring-security/site/docs/current/reference/html5/#csrf-considerations-multipart https://docs.spring.io/spring-security/site/docs/5.0.x/reference/html/csrf.html#csrf-multipartfilter
In the section linked above, it's missing a key crucial information about why we must use XML for filter ordering.
According to Baeldung, linked below:
https://www.baeldung.com/java-web-app-without-web-xml#xml-still-needed
We require the usage of web.xml
mainly because:
Even, with all the features introduced in Servlet 3.0, there are some use cases where we'll still need a web.xml file, among them:
- We can't define the filter order with annotations – we still need the
section if we have multiple filters that we need to be applied in a particular order
The Spring documentation needs to explain the <filter-mapping>
section in the web.xml
and the purpose of why we need include web.xml
. Without this key crucial information, no one would know the reason why we should use this, when everything we're doing is moving towards annotation-based configurations, especially for Spring Framework 6.
I would like to request to add a snippet, or some additional information to the documentation section 19.5.4, so anyone reading them will have a better understanding of the importance of including web.xml
.
Comment From: snicoll
@tommai78101 you've linked to the Spring Security documentation, which is not handled here. If you want to pursue with this request, please raise an issue with the Spring Security project.