-
Notifications
You must be signed in to change notification settings - Fork 5.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
MVC Matcher rules that worked in Spring Security 5.7.6 don't work in 6.0.1 #12463
Comments
The reason is that in 6.0, the authorization filter is run for all dispatcher types, including You can achieve this by permitting http.authorizeHttpRequests((authorize) -> authorize
.dispatcherTypeMatchers(DispatcherType.FORWARD).permitAll()
// ... the rest of your authorization rules
) For more details, you can see the section about Spring MVC in the migration guide. |
Hello. Thank you for answer. However, even if I set the FORWARD permit setting, it still returns a 403 response.
I'm not sure what the cause is. I'll try to find out more slowly. thank you |
Adding I quoted your response in here ( @jzheaux ): |
hello. I've solved the problem. It was not related to Spring Security. In Spring 6 MVC, trailing slashes in URLs are not automatically handled.
After adding the following settings the test was successful. @Configuration
public class WebMvcConfig implements WebMvcConfigurer {
@Override
public void configurePathMatch(PathMatchConfigurer configurer) {
configurer.setUseTrailingSlashMatch(true);
}
}
Thank you all. |
Hello.
MVC Matcher rules that worked in Spring Security 5.7.6 don't work in 6.0.1.
Spring Security 5.7.6 configuration (Spring Boot 2.7.7 environment)
Configuration
Test code
Spring Security 6.0.1 configuration (Spring Boot 3.0.1 environment)
Configuration
Test code
As above, I expected 200, but I get 403 response in Spring Security 6.0.1 environment.
I don't think I did anything wrong, but I shared it because I didn't know if it was a bug.
Thank you.
mvcMatcherTest.zip
https://github.com/mklinkj/QnA/tree/master/Spring-Security/mvcMatcherTest
The text was updated successfully, but these errors were encountered: