Spring Security Deprecate shouldFilterAllDispatcherTypes

The shouldFilterAllDispatcherTypes property was added to configure the AuthorizationFilter to apply to every dispatcher type.

In Spring Security 5, the default value is false and in Spring Security 6 it is true. It is not recommended to set this property to false just to not apply to all the dispatcher types, instead, the dispatcher types should be permitted using the security DSL.

Instead of:

@Bean
SecurityFilterChain filterChain(HttpSecurity http) {
    http
        .authorizeHttpRequests((authz) -> authz
           .shouldFilterAllDispatcherTypes(false)
        );
}

do:

@Bean
SecurityFilterChain filterChain(HttpSecurity http) {
    http
        .authorizeHttpRequests((authz) -> authz
           .dispatcherTypeMatchers(DispatcherType.ERROR, DispatcherType.ASYNC).permitAll()
        );
}