SEC-1618: Add 'hasPath' and 'hasQueryString' to ELRequestMatcherContext #1859

Closed
spring-issuemaster opened this Issue Nov 9, 2010 · 2 comments

1 participant

@spring-issuemaster

Harald Radi (Migrated from SEC-1618) said:

I'd like to have some places (e.g. "api/**") failing fast by using the org.springframework.security.web.authentication.Http403ForbiddenEntryPoint, others should redirect to the login page. As far as i see it would be the easiest to just extend the ELRequestMatcherContext and then use a DelegatingAuthenticationEntryPoint.

@spring-issuemaster

Luke Taylor said:

I don't think this is a good idea. ELRequestMatcherContext. If you want to match by path use the AntPathRequestMatcher. Matching on query string using an expression isn't something I would want to encourage as it is easy to bypass a simple match. If you have specific requirements and know what you are doing then it should be easy to implement your own RequestMatcher directly to cater for them.

@spring-issuemaster

Harald Radi said:

I don't really understand your reply. Using the AntpathRequestMatcher from within the DelegatingAuthenticationEntryPoint is actually exactly what I want to do, but that's not possible right now (or I'm not aware of that possibility).

@spring-issuemaster spring-issuemaster added this to the 3.1.0.M2 milestone Feb 5, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment