Cwikius-Spring/spring-security
1
0
Fork 0
mirror of synced 2026-05-22 21:33:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

Use MvcRequestMatcher by default if Spring MVC is present

Browse Source 
Closes gh-11899
This commit is contained in:
Marcus Da Coregio
2022-10-04 13:29:39 -03:00
committed by Marcus Hert Da Coregio
parent 353ca76973
commit c4d23f2b49
82 changed files with 391 additions and 177 deletions
Download Patch File Download Diff File Expand all files Collapse all files
docs/modules/ROOT/pages/servlet/appendix/namespace/http.adoc
+2 -2
View File
@@ -117,7 +117,7 @@ Options are currently `mvc`, `ant`, `regex` and `ciRegex`, for Spring MVC, ant,
A separate instance is created for each <<nsa-intercept-url,intercept-url>> element using its <<nsa-intercept-url-pattern,pattern>>, <<nsa-intercept-url-method,method>> and <<nsa-intercept-url-servlet-path,servlet-path>> attributes.
Ant paths are matched using an `AntPathRequestMatcher`, regular expressions are matched using a `RegexRequestMatcher` and for Spring MVC path matching the `MvcRequestMatcher` is used.
See the Javadoc for these classes for more details on exactly how the matching is performed.
Ant paths are the default strategy.
MVC is the default strategy if Spring MVC is present in the classpath, if not, Ant paths are used.
[[nsa-http-request-matcher-ref]]
@@ -1653,7 +1653,7 @@ If an identical pattern is specified with and without a method, the method-speci
[[nsa-intercept-url-pattern]]
* **pattern**
The pattern which defines the URL path.
The content will depend on the `request-matcher` attribute from the containing http element, so will default to ant path syntax.
The content will depend on the `request-matcher` attribute from the containing http element, so will default to MVC matcher if Spring MVC is in the classpath.
[[nsa-intercept-url-request-matcher-ref]]
docs/modules/ROOT/pages/whats-new.adoc
+2
View File
@@ -20,3 +20,5 @@ Reorganize imports
* https://github.com/spring-projects/spring-security/issues/10347[gh-10347] - Remove `UsernamePasswordAuthenticationToken` check in `BasicAuthenticationFilter`
* https://github.com/spring-projects/spring-security/pull/11923[gh-11923] - Remove `WebSecurityConfigurerAdapter`.
Instead, create a https://spring.io/blog/2022/02/21/spring-security-without-the-websecurityconfigureradapter[SecurityFilterChain bean].
* https://github.com/spring-projects/spring-security/issues/11899[gh-11899] - Use `MvcRequestMatcher` by default if Spring MVC is present.
You can configure a different `RequestMatcher` by using the https://docs.spring.io/spring-security/reference/servlet/appendix/namespace/http.html#nsa-http-attributes[request-matcher attribute from <http>].