Skip to content

The single-arg constructor in AntPathRequestMatcher is creating a case-sensitive matcher #4260

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
jkilroy opened this issue Mar 30, 2017 · 4 comments
Closed

The single-arg constructor in AntPathRequestMatcher is creating a case-sensitive matcher #4260

jkilroy opened this issue Mar 30, 2017 · 4 comments
Assignees
@eleftherias
Labels
in: docs An issue in Documentation or samples status: duplicate A duplicate of another issue type: bug A general bug

Comments

@jkilroy
Copy link

jkilroy commented Mar 30, 2017

java doc for public AntPathRequestMatcher(String pattern) says
"Creates a matcher with the specific pattern which will match all HTTP methods in a
case insensitive manner." This was true in previous versions, but now it is not.

This calls another overloaded constructor which in turn passes the caseSensitive arg = true to
AntPathRequestMatcher(String pattern, String httpMethod, boolean caseSensitive)

In previous versions, the caseSensitive arg was set to false:

Here's the 4.02 code:

/**
 * Creates a matcher with the specific pattern which will match all HTTP methods in a
 * case insensitive manner.
 *
 * @param pattern the ant pattern to use for matching
 */
public AntPathRequestMatcher(String pattern) {
	this(pattern, null);
}

/**
 * Creates a matcher with the supplied pattern and HTTP method in a case insensitive
 * manner.
 *
 * @param pattern the ant pattern to use for matching
 * @param httpMethod the HTTP method. The {@code matches} method will return false if
 * the incoming request doesn't have the same method.
 */
public AntPathRequestMatcher(String pattern, String httpMethod) {
	this(pattern, httpMethod, false);
}

/**
 * Creates a matcher with the supplied pattern which will match the specified Http
 * method
 *
 * @param pattern the ant pattern to use for matching
 * @param httpMethod the HTTP method. The {@code matches} method will return false if
 * the incoming request doesn't doesn't have the same method.
 * @param caseSensitive true if the matcher should consider case, else false
 */
public AntPathRequestMatcher(String pattern, String httpMethod, boolean caseSensitive)
@Siggen
Copy link

Siggen commented Jun 14, 2018

I confirm the problem. Upgrading from Spring-Security 3 to 4 breaks case-insensitive pattern matching in FilterChainProxy.

@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label May 7, 2019
@alexvk82
Copy link

alexvk82 commented May 8, 2019
edited
Loading

I confirm the problem too,
java doc and reference doc are out of date for versions
4.2.12 , 5.0.12, 5.1.5 and latest

@rwinch rwinch added in: docs An issue in Documentation or samples type: bug A general bug and removed status: waiting-for-triage An issue we've not yet triaged labels May 13, 2019
@rwinch
Copy link
Member

rwinch commented May 13, 2019

Thanks for the confirmation @alexvk82! Would you be interested in submitting a PR to fix the documentation?

@eleftherias
Copy link
Contributor

This was fixed in Spring Security 5.4.0, 5.3.3 and 5.2.5 via #8512.

@eleftherias eleftherias added the status: duplicate A duplicate of another issue label May 19, 2021
@eleftherias eleftherias self-assigned this May 19, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@eleftherias eleftherias

Labels
in: docs An issue in Documentation or samples status: duplicate A duplicate of another issue type: bug A general bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@rwinch @jkilroy @Siggen @eleftherias @spring-projects-issues @alexvk82