Spring Security Wrong name of the filter in the SecurityContextHolderFilter diagram

Hi,

diagram related to SecurityContextHolderFilter is referring to SecurityContextPersistenceFilter instead of SecurityContextHolderFilter in documentation:

https://docs.spring.io/spring-security/reference/5.7.0/servlet/authentication/persistence.html#securitycontextholderfilter

which got me a little bit confused.

This is present from 5.7.x onward.

Comment From: sjohnr

Thanks @underground-hill. There is a new property introduced in 5.7, http.securityContext().requireExplicitSave(true) that will align you with what is coming in 6.0. In 5.7 it's defaulted to false, I believe, and in 6.0 it should (or will) be defaulted to true.

So in 6.0, I believe the diagram would indeed benefit from changing. Does that sound accurate based on what you're seeing?

Comment From: underground-hill

Hi @sjohnr,

thank you for your reply! What I had in mind was this diagram:

https://docs.spring.io/spring-security/reference/5.7.0/_images/servlet/authentication/securitycontextholderfilter.png

where SecurityContextPersistenceFilter is mentioned twice, and I think it should be SecurityContextHolderFilter (because this is section about it, and not the persistence filter).

I should have pointed to the diagram in the first post, sorry for the confusion!

Comment From: sjohnr

Oh, I see. Thanks for clarifying @underground-hill!