Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

SEC-1129: FilterChainProxy. Not matching ant url when a parameter contains / #1376

Closed
spring-issuemaster opened this Issue Mar 24, 2009 · 4 comments

Comments

Projects
None yet
1 participant

Roberto Ruiz(Migrated from SEC-1129) said:

I am using Filter proxy to add several filters to my pages

/security:filter-chain-map

The \* at the end is because some pages have GET parameters. The problem comes when one of those parameters, constains a / character (Text is already escaped with javascript escape function). In that case, the page is not matched. It may be solved, adding a new filter-chain

/security:filter-chain-map

Notice the / at the end of the second chain

I think it’s a bug, as the / character is in the parameter string and not in the url.

Luke Taylor said:

The ant pattern matcher isn’t supposed to match parameters as the query string is supposed to be stripped before the match (see SEC-953, for example). Please make sure you are raising issues against the latest release version. If you need complicated matching syntax then you can use regular expressions instead of ant paths.

Roberto Ruiz said:

No, I don’t want the parameters to be matched. The problem is precisely that, and that’s because I put an \* after .html. If I don’t do that, urls with parameters are never matched. I’ll try with latest version anyway

Roberto Ruiz said:

No, I don’t want the parameters to be matched. The problem is precisely that, and that’s because I put an \* after .html. If I don’t do that, urls with parameters are never matched. I’ll try with latest version anyway

Luke Taylor said:

So this is effectively a duplicate of SEC-953 and was fixed in the 2.0.4 release.

@spring-issuemaster spring-issuemaster added this to the 3.0.0 M1 milestone Feb 5, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment