Closed jzheaux closed 4 weeks ago
Some MVC frameworks allow for leaving out the leading slash from request mappings:
@ApplicationPath("app")
Which can lead folks to use the same pattern in their request matcher:
requestMatchers("app")
However, this has a different meaning in Ant. When what intend is likely:
requestMatchers("/app/**")
Spring Security should remove this ambiguity by failing when a leading slash is missing from any requestMatchers pattern.
requestMatchers
Since this wouldn't be passive, for 6.x, we should log a warning message. For 7.x, we should throw an exception.
6.x
7.x
Some MVC frameworks allow for leaving out the leading slash from request mappings:
Which can lead folks to use the same pattern in their request matcher:
However, this has a different meaning in Ant. When what intend is likely:
Spring Security should remove this ambiguity by failing when a leading slash is missing from any
requestMatcherspattern.Since this wouldn't be passive, for
6.x, we should log a warning message. For7.x, we should throw an exception.