Spring Security / SEC-1618

Add 'hasPath' and 'hasQueryString' to ELRequestMatcherContext

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor
    • Resolution: Won't Fix
    • Affects Version/s: None
    • Fix Version/s: 3.1.0.M2
    • Component/s: Core
    • Labels:
      None

      Description

      I'd like to have some places (e.g. "api/**") failing fast by using the org.springframework.security.web.authentication.Http403ForbiddenEntryPoint; others should redirect to the login page. As far as I see, it would be the easiest to just extend the ELRequestMatcherContext and then use a DelegatingAuthenticationEntryPoint.

        Activity

        Luke Taylor added a comment -

        I don't think this is a good idea. ELRequestMatcherContext. If you want to match by path use the AntPathRequestMatcher. Matching on query string using an expression isn't something I would want to encourage as it is easy to bypass a simple match. If you have specific requirements and know what you are doing then it should be easy to implement your own RequestMatcher directly to cater for them.

        Harald Radi added a comment -

        I don't really understand your reply. Using the AntPathRequestMatcher from within the DelegatingAuthenticationEntryPoint is actually exactly what I want to do, but that's not possible right now (or I'm not aware of that possibility).
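
        Path-based entry point selection with AntPathRequestMatcher and DelegatingAuthenticationEntryPoint, as an added example that is not from either commenter or from the Spring Security project. Assumptions: the `org.springframework.security.web.util.matcher` package (Spring Security 3.2 and later; in 3.1 these classes are in `org.springframework.security.web.util`), a login page at `/login`, and the hypothetical helper class `EntryPoints`.

```java
import java.util.LinkedHashMap;

import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint;
import org.springframework.security.web.authentication.Http403ForbiddenEntryPoint;
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;

// Hypothetical helper class; wire the returned object in as the
// application's AuthenticationEntryPoint.
public final class EntryPoints {

    private EntryPoints() {
    }

    public static AuthenticationEntryPoint apiFailsFastOthersRedirect() {
        // The map is walked in insertion order and the first matcher that
        // matches the request selects the entry point, so more specific
        // patterns must be added before broader ones.
        LinkedHashMap<RequestMatcher, AuthenticationEntryPoint> byPath =
                new LinkedHashMap<RequestMatcher, AuthenticationEntryPoint>();

        // The matcher compares against the path inside the application,
        // which starts with "/", so the issue's "api/**" becomes "/api/**".
        // The query string is not part of the match, so adding or changing
        // parameters cannot move a request to a different entry point.
        byPath.put(new AntPathRequestMatcher("/api/**"),
                   new Http403ForbiddenEntryPoint());

        DelegatingAuthenticationEntryPoint entryPoint =
                new DelegatingAuthenticationEntryPoint(byPath);

        // Everything that is not under /api/ is redirected to the login
        // page. "/login" is an assumed URL, not one taken from the issue.
        entryPoint.setDefaultEntryPoint(
                new LoginUrlAuthenticationEntryPoint("/login"));
        return entryPoint;
    }
}
```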


          People

          • Assignee:
            Luke Taylor
            Reporter:
            Harald Radi
          • Votes:
            0
            Watchers:
            0

            Dates

            • Created:
              Updated:
              Resolved: