Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

SEC-1618: Add 'hasPath' and 'hasQueryString' to ELRequestMatcherContext #1859

Closed
spring-issuemaster opened this Issue Nov 9, 2010 · 2 comments

Comments

Projects
None yet
1 participant

Harald Radi (Migrated from SEC-1618) said:

I'd like to have some places (e.g. "api/**") failing fast by using the org.springframework.security.web.authentication.Http403ForbiddenEntryPoint, others should redirect to the login page. As far as i see it would be the easiest to just extend the ELRequestMatcherContext and then use a DelegatingAuthenticationEntryPoint.

Luke Taylor said:

I don't think this is a good idea. ELRequestMatcherContext. If you want to match by path use the AntPathRequestMatcher. Matching on query string using an expression isn't something I would want to encourage as it is easy to bypass a simple match. If you have specific requirements and know what you are doing then it should be easy to implement your own RequestMatcher directly to cater for them.

Harald Radi said:

I don't really understand your reply. Using the AntpathRequestMatcher from within the DelegatingAuthenticationEntryPoint is actually exactly what I want to do, but that's not possible right now (or I'm not aware of that possibility).

@spring-issuemaster spring-issuemaster added this to the 3.1.0.M2 milestone Feb 5, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment