Luke Taylor (Migrated from SEC-1407) said:
At the moment classes like FilterChainProxy and DefaultFilterInvocationSecurityMetadataSource use a UrlMatcher and store a map of paths (patterns). They do the work of converting incoming URLs to lower case etc.
It would make more sense if they used RequestMatchers as the Map key, with Ant and Regex path matchers a special case. This would allow for more flexible request matching and also for cleaner code, as the matcher implementations would encapsulate the upper/lower case logic etc.
Luke Taylor said:
This has been done, making the code for DefaultMethodSecurityMetadataSource much simpler and opening up the possibility of using more flexible matching strategies in future.
This issue supersedes #1670