Summary
Running a hello world benchmark with an anonymous authentication set up (so an authentication is present, and the authentication has access to the controller method) still causes Spring security to fill useless stack traces in ReactiveAuthorizationManager.java
Actual Behavior
The following part is called at the Mono pipeline construction time, so a stack trace gets created.
.switchIfEmpty( Mono.error(new AccessDeniedException("Access Denied")) )
Expected Behavior
The part should be deferred, this way the stack trace gets only created in case the pipeline is indeed empty (no authentication from upstream source flowing down)
.switchIfEmpty( Mono.defer(() -> Mono.error(new AccessDeniedException("Access Denied"))) )
Configuration
Strandard Spring Boot RC2 with a web filter to create an anonymous authentication token
Version
5.0.2.RELEASE
Sample
Summary
Running a hello world benchmark with an anonymous authentication set up (so an authentication is present, and the authentication has access to the controller method) still causes Spring security to fill useless stack traces in ReactiveAuthorizationManager.java
Actual Behavior
The following part is called at the Mono pipeline construction time, so a stack trace gets created.
Expected Behavior
The part should be deferred, this way the stack trace gets only created in case the pipeline is indeed empty (no authentication from upstream source flowing down)
Configuration
Strandard Spring Boot RC2 with a web filter to create an anonymous authentication token
Version
5.0.2.RELEASE
Sample