diff --git a/config/src/main/java/org/springframework/security/config/web/server/AbstractServerWebExchangeMatcherRegistry.java b/config/src/main/java/org/springframework/security/config/web/server/AbstractServerWebExchangeMatcherRegistry.java index 53862ef648..08ace62247 100644 --- a/config/src/main/java/org/springframework/security/config/web/server/AbstractServerWebExchangeMatcherRegistry.java +++ b/config/src/main/java/org/springframework/security/config/web/server/AbstractServerWebExchangeMatcherRegistry.java @@ -20,10 +20,6 @@ import org.springframework.security.web.server.util.matcher.OrServerWebExchangeM import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher; import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers; -import static org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers.*; - -import java.util.ArrayList; -import java.util.Arrays; import java.util.List; @@ -52,8 +48,8 @@ abstract class AbstractServerWebExchangeMatcherRegistry { * * @return the object that is chained after creating the {@link ServerWebExchangeMatcher} */ - public T antMatchers(HttpMethod method) { - return antMatchers(method, new String[] { "/**" }); + public T pathMatchers(HttpMethod method) { + return pathMatchers(method, new String[] { "/**" }); } /** @@ -68,8 +64,8 @@ abstract class AbstractServerWebExchangeMatcherRegistry { * * @return the object that is chained after creating the {@link ServerWebExchangeMatcher} */ - public T antMatchers(HttpMethod method, String... antPatterns) { - return matcher(ServerWebExchangeMatchers.antMatchers(method, antPatterns)); + public T pathMatchers(HttpMethod method, String... antPatterns) { + return matcher(ServerWebExchangeMatchers.pathMatchers(method, antPatterns)); } /** @@ -82,8 +78,8 @@ abstract class AbstractServerWebExchangeMatcherRegistry { * * @return the object that is chained after creating the {@link ServerWebExchangeMatcher} */ - public T antMatchers(String... antPatterns) { - return matcher(ServerWebExchangeMatchers.antMatchers(antPatterns)); + public T pathMatchers(String... antPatterns) { + return matcher(ServerWebExchangeMatchers.pathMatchers(antPatterns)); } /** diff --git a/config/src/test/java/org/springframework/security/config/web/server/AuthorizeExchangeBuilderTests.java b/config/src/test/java/org/springframework/security/config/web/server/AuthorizeExchangeBuilderTests.java index 6496477ccc..25887c1b31 100644 --- a/config/src/test/java/org/springframework/security/config/web/server/AuthorizeExchangeBuilderTests.java +++ b/config/src/test/java/org/springframework/security/config/web/server/AuthorizeExchangeBuilderTests.java @@ -33,7 +33,7 @@ public class AuthorizeExchangeBuilderTests { @Test public void antMatchersWhenMethodAndPatternsThenDiscriminatesByMethod() { - authorization.antMatchers(HttpMethod.POST, "/a", "/b").denyAll(); + authorization.pathMatchers(HttpMethod.POST, "/a", "/b").denyAll(); authorization.anyExchange().permitAll(); WebTestClient client = buildClient(); @@ -62,7 +62,7 @@ public class AuthorizeExchangeBuilderTests { @Test public void antMatchersWhenPatternsThenAnyMethod() { - authorization.antMatchers("/a", "/b").denyAll(); + authorization.pathMatchers("/a", "/b").denyAll(); authorization.anyExchange().permitAll(); WebTestClient client = buildClient(); @@ -90,19 +90,19 @@ public class AuthorizeExchangeBuilderTests { @Test(expected = IllegalStateException.class) public void antMatchersWhenNoAccessAndAnotherMatcherThenThrowsException() { - authorization.antMatchers("/incomplete"); - authorization.antMatchers("/throws-exception"); + authorization.pathMatchers("/incomplete"); + authorization.pathMatchers("/throws-exception"); } @Test(expected = IllegalStateException.class) public void anyExchangeWhenFollowedByMatcherThenThrowsException() { authorization.anyExchange().denyAll(); - authorization.antMatchers("/never-reached"); + authorization.pathMatchers("/never-reached"); } @Test(expected = IllegalStateException.class) public void buildWhenMatcherDefinedWithNoAccessThenThrowsException() { - authorization.antMatchers("/incomplete"); + authorization.pathMatchers("/incomplete"); authorization.build(); } diff --git a/samples/javaconfig/hellowebflux/src/main/java/sample/SecurityConfig.java b/samples/javaconfig/hellowebflux/src/main/java/sample/SecurityConfig.java index 4558cb60c5..352e0d5ff4 100644 --- a/samples/javaconfig/hellowebflux/src/main/java/sample/SecurityConfig.java +++ b/samples/javaconfig/hellowebflux/src/main/java/sample/SecurityConfig.java @@ -40,8 +40,8 @@ public class SecurityConfig { @Bean WebFilterChainFilter springSecurityFilterChain(HttpSecurity http) throws Exception { http.authorizeExchange() - .antMatchers("/admin/**").hasRole("ADMIN") - .antMatchers("/users/{user}/**").access(this::currentUserMatchesPath) + .pathMatchers("/admin/**").hasRole("ADMIN") + .pathMatchers("/users/{user}/**").access(this::currentUserMatchesPath) .anyExchange().authenticated(); return http.build(); diff --git a/samples/javaconfig/hellowebfluxfn/src/main/java/sample/SecurityConfig.java b/samples/javaconfig/hellowebfluxfn/src/main/java/sample/SecurityConfig.java index 4558cb60c5..352e0d5ff4 100644 --- a/samples/javaconfig/hellowebfluxfn/src/main/java/sample/SecurityConfig.java +++ b/samples/javaconfig/hellowebfluxfn/src/main/java/sample/SecurityConfig.java @@ -40,8 +40,8 @@ public class SecurityConfig { @Bean WebFilterChainFilter springSecurityFilterChain(HttpSecurity http) throws Exception { http.authorizeExchange() - .antMatchers("/admin/**").hasRole("ADMIN") - .antMatchers("/users/{user}/**").access(this::currentUserMatchesPath) + .pathMatchers("/admin/**").hasRole("ADMIN") + .pathMatchers("/users/{user}/**").access(this::currentUserMatchesPath) .anyExchange().authenticated(); return http.build(); diff --git a/webflux/src/main/java/org/springframework/security/web/server/util/matcher/PathMatcherServerWebExchangeMatcher.java b/webflux/src/main/java/org/springframework/security/web/server/util/matcher/PathMatcherServerWebExchangeMatcher.java index 882e699526..8c59dcb5ed 100644 --- a/webflux/src/main/java/org/springframework/security/web/server/util/matcher/PathMatcherServerWebExchangeMatcher.java +++ b/webflux/src/main/java/org/springframework/security/web/server/util/matcher/PathMatcherServerWebExchangeMatcher.java @@ -22,10 +22,10 @@ import java.util.Map; import org.springframework.http.HttpMethod; import org.springframework.http.server.reactive.ServerHttpRequest; -import org.springframework.util.AntPathMatcher; import org.springframework.util.Assert; import org.springframework.util.PathMatcher; import org.springframework.web.server.ServerWebExchange; +import org.springframework.web.util.pattern.ParsingPathMatcher; import reactor.core.publisher.Mono; /** @@ -33,7 +33,9 @@ import reactor.core.publisher.Mono; * @since 5.0 */ public final class PathMatcherServerWebExchangeMatcher implements ServerWebExchangeMatcher { - private PathMatcher pathMatcher = new AntPathMatcher(); + private static final PathMatcher DEFAULT_PATH_MATCHER = new ParsingPathMatcher(); + + private PathMatcher pathMatcher = DEFAULT_PATH_MATCHER; private final String pattern; private final HttpMethod method; diff --git a/webflux/src/main/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatchers.java b/webflux/src/main/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatchers.java index a101613f5d..63665f557a 100644 --- a/webflux/src/main/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatchers.java +++ b/webflux/src/main/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatchers.java @@ -30,7 +30,7 @@ import java.util.List; */ public abstract class ServerWebExchangeMatchers { - public static ServerWebExchangeMatcher antMatchers(HttpMethod method, String... patterns) { + public static ServerWebExchangeMatcher pathMatchers(HttpMethod method, String... patterns) { List matchers = new ArrayList<>(patterns.length); for (String pattern : patterns) { matchers.add(new PathMatcherServerWebExchangeMatcher(pattern, method)); @@ -38,8 +38,8 @@ public abstract class ServerWebExchangeMatchers { return new OrServerWebExchangeMatcher(matchers); } - public static ServerWebExchangeMatcher antMatchers(String... patterns) { - return antMatchers(null, patterns); + public static ServerWebExchangeMatcher pathMatchers(String... patterns) { + return pathMatchers(null, patterns); } public static ServerWebExchangeMatcher matchers(ServerWebExchangeMatcher... matchers) { diff --git a/webflux/src/test/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatchersTests.java b/webflux/src/test/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatchersTests.java index f21d69a29a..f4ae8eb203 100644 --- a/webflux/src/test/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatchersTests.java +++ b/webflux/src/test/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatchersTests.java @@ -27,7 +27,7 @@ import static org.assertj.core.api.Assertions.*; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.verify; import static org.mockito.Mockito.verifyZeroInteractions; -import static org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers.antMatchers; +import static org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers.pathMatchers; import static org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers.anyExchange; /** @@ -38,28 +38,28 @@ public class ServerWebExchangeMatchersTests { ServerWebExchange exchange = MockServerHttpRequest.get("/").toExchange(); @Test - public void antMatchersWhenSingleAndSamePatternThenMatches() throws Exception { - assertThat(antMatchers("/").matches(exchange).block().isMatch()).isTrue(); + public void pathMatchersWhenSingleAndSamePatternThenMatches() throws Exception { + assertThat(pathMatchers("/").matches(exchange).block().isMatch()).isTrue(); } @Test - public void antMatchersWhenSingleAndSamePatternAndMethodThenMatches() throws Exception { - assertThat(antMatchers(HttpMethod.GET, "/").matches(exchange).block().isMatch()).isTrue(); + public void pathMatchersWhenSingleAndSamePatternAndMethodThenMatches() throws Exception { + assertThat(ServerWebExchangeMatchers.pathMatchers(HttpMethod.GET, "/").matches(exchange).block().isMatch()).isTrue(); } @Test - public void antMatchersWhenSingleAndSamePatternAndDiffMethodThenDoesNotMatch() throws Exception { - assertThat(antMatchers(HttpMethod.POST, "/").matches(exchange).block().isMatch()).isFalse(); + public void pathMatchersWhenSingleAndSamePatternAndDiffMethodThenDoesNotMatch() throws Exception { + assertThat(ServerWebExchangeMatchers.pathMatchers(HttpMethod.POST, "/").matches(exchange).block().isMatch()).isFalse(); } @Test - public void antMatchersWhenSingleAndDifferentPatternThenDoesNotMatch() throws Exception { - assertThat(antMatchers("/foobar").matches(exchange).block().isMatch()).isFalse(); + public void pathMatchersWhenSingleAndDifferentPatternThenDoesNotMatch() throws Exception { + assertThat(pathMatchers("/foobar").matches(exchange).block().isMatch()).isFalse(); } @Test - public void antMatchersWhenMultiThenMatches() throws Exception { - assertThat(antMatchers("/foobar", "/").matches(exchange).block().isMatch()).isTrue(); + public void pathMatchersWhenMultiThenMatches() throws Exception { + assertThat(pathMatchers("/foobar", "/").matches(exchange).block().isMatch()).isTrue(); } @Test @@ -74,7 +74,7 @@ public class ServerWebExchangeMatchersTests { /** * If a LinkedMap is used and anyRequest equals anyRequest then the following is added: * anyRequest() -> authenticated() - * antMatchers("/admin/**") -> hasRole("ADMIN") + * pathMatchers("/admin/**") -> hasRole("ADMIN") * anyRequest() -> permitAll * * will result in the first entry being overridden