Skip to content

Add deprecation notice for missing leading slashes #16020

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
jzheaux opened this issue Oct 31, 2024 · 0 comments
Closed

Add deprecation notice for missing leading slashes #16020

jzheaux opened this issue Oct 31, 2024 · 0 comments
Assignees
@jzheaux
Labels
in: config An issue in spring-security-config type: enhancement A general enhancement
Milestone
6.4.0

Comments

@jzheaux
Copy link
Contributor

jzheaux commented Oct 31, 2024

Some MVC frameworks allow for leaving out the leading slash from request mappings:

@ApplicationPath("app")

Which can lead folks to use the same pattern in their request matcher:

requestMatchers("app")

However, this has a different meaning in Ant. When what intend is likely:

requestMatchers("/app/**")

Spring Security should remove this ambiguity by failing when a leading slash is missing from any requestMatchers pattern.

Since this wouldn't be passive, for 6.x, we should log a warning message. For 7.x, we should throw an exception.
@jzheaux jzheaux added in: config An issue in spring-security-config type: enhancement A general enhancement labels Oct 31, 2024
@jzheaux jzheaux added this to the 6.4.0 milestone Oct 31, 2024
@jzheaux jzheaux self-assigned this Oct 31, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jzheaux jzheaux

Labels
in: config An issue in spring-security-config type: enhancement A general enhancement
Projects
None yet
Milestone
6.4.0
Development

No branches or pull requests
1 participant
@jzheaux