Harald Radi (Migrated from SEC-1618) said:
I'd like to have some places (e.g. "api/**") failing fast by using the org.springframework.security.web.authentication.Http403ForbiddenEntryPoint, others should redirect to the login page. As far as I see, it would be easiest to just extend the ELRequestMatcherContext and then use a DelegatingAuthenticationEntryPoint.
Luke Taylor said:
I don't think this is a good idea. ELRequestMatcherContext. If you want to match by path use the AntPathRequestMatcher. Matching on query string using an expression isn't something I would want to encourage as it is easy to bypass a simple match. If you have specific requirements and know what you are doing then it should be easy to implement your own RequestMatcher directly to cater for them.
Harald Radi said:
I don't really understand your reply. Using the AntPathRequestMatcher from within the DelegatingAuthenticationEntryPoint is actually exactly what I want to do, but that's not possible right now (or I'm not aware of that possibility).
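
The wiring discussed in this thread, as an added example that is not code from any participant or from the Spring Security project: a DelegatingAuthenticationEntryPoint that answers unauthenticated requests under the API path with a 403 and redirects everything else to the login page, matching on path only. It assumes Spring Security 5.x or 6.x with spring-test on the classpath; the class name, the leading slash in `/api/**`, the `/login` URL and the sample request paths are assumptions.

```java
import java.util.LinkedHashMap;

import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint;
import org.springframework.security.web.authentication.Http403ForbiddenEntryPoint;
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;

// Hypothetical class name; added example, not code from the thread.
public class PathBasedEntryPoints {

    // Insertion order is evaluation order: the first matching entry wins.
    static AuthenticationEntryPoint build() {
        LinkedHashMap<RequestMatcher, AuthenticationEntryPoint> byPath = new LinkedHashMap<>();
        // Path-only match: AntPathRequestMatcher ignores the query string.
        byPath.put(new AntPathRequestMatcher("/api/**"), new Http403ForbiddenEntryPoint());

        DelegatingAuthenticationEntryPoint delegating = new DelegatingAuthenticationEntryPoint(byPath);
        // Anything not under the API path goes to the login page (assumed URL).
        delegating.setDefaultEntryPoint(new LoginUrlAuthenticationEntryPoint("/login"));
        return delegating;
    }

    // Drives the entry point with mock requests (constructed sample paths).
    public static void main(String[] args) throws Exception {
        AuthenticationEntryPoint entryPoint = build();
        for (String path : new String[] {"/api/orders", "/account/settings"}) {
            MockHttpServletRequest request = new MockHttpServletRequest("GET", path);
            // The matcher derives its path from servletPath + pathInfo.
            request.setServletPath(path);
            // Constructed query string that mentions the API path; it must not change the outcome.
            request.setQueryString("next=/api/orders");
            MockHttpServletResponse response = new MockHttpServletResponse();
            entryPoint.commence(request, response,
                    new InsufficientAuthenticationException("not authenticated"));
            System.out.println(path + " -> status " + response.getStatus()
                    + ", redirect " + response.getRedirectedUrl());
        }
    }
}
```

Both mock requests carry the same query string, so the printed lines show that only the path selects the entry point.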