spring-security icon indicating copy to clipboard operation
spring-security copied to clipboard

Published 20 hours ago verified publisher icon spring-projects

Support RequestMatcher Validation

Open rwinch opened this issue 2 years ago • 2 comments

By default, we should reject using the built in RequestMatcher implementations other than MvcRequestMatcher in a MvcRequestMatcher application.

Alternatively we can deprecate/remove antMatcher, regexMatchers, and mvcMatchers from the DSL and have a requestMatcher that is automatic based on the classpath. Users that want to opt out of this would need to use requestMatchers(new RegExRequestMatcher(...)). This makes it much more difficult to get the wrong configuration.

rwinch avatar Jun 07 '22 21:06 rwinch

I can take this.

evgeniycheban avatar Jun 08 '22 20:06 evgeniycheban

@evgeniycheban Thank you for the volunteering. This is going to be a pretty tricky issue with quite a bit of design necessary. For that reason, I'm not sure if it is an ideal for contribution issue.

rwinch avatar Jun 10 '22 17:06 rwinch