Menu
I want to give permission to every of these URLs:
.antMatchers("/myPage?param1=tata*").hasRole("tata")
.antMatchers("/myPage?param1=toto*").hasRole("toto")
I have this two URLs:
http://localhost:3000/myPage?param1=tata¶m2=0001
http://localhost:3000/myPage?param1=toto¶m2=0001
If URL is typed and has "tata" as parameter i want to access only with the role "tata" and the same thing with "toto"
471
asked Sep 10 '25 09:09
You can use RegexRequestMatcher instead of AntPathRequestMatcher
http
.authorizeRequests()
.regexMatchers("\/myPage\?param1=tata(&.*|$)"). hasRole('tata')
.regexMatchers("\/myPage\?param1=toto(&.*|$)"). hasRole('toto')
AntPathRequestMatcher does not match the params,as you can read from the code
private String getRequestPath(HttpServletRequest request) {
if (this.urlPathHelper != null) {
return this.urlPathHelper.getPathWithinApplication(request);
}
String url = request.getServletPath();
String pathInfo = request.getPathInfo();
if (pathInfo != null) {
url = StringUtils.hasLength(url) ? url + pathInfo : pathInfo;
}
return url;
}
RegexRequestMatcher will get the request path and params.
public boolean matches(HttpServletRequest request) {
if (httpMethod != null && request.getMethod() != null
&& httpMethod != valueOf(request.getMethod())) {
return false;
}
String url = request.getServletPath();
String pathInfo = request.getPathInfo();
String query = request.getQueryString();
if (pathInfo != null || query != null) {
StringBuilder sb = new StringBuilder(url);
if (pathInfo != null) {
sb.append(pathInfo);
}
if (query != null) {
sb.append('?').append(query);
}
url = sb.toString();
}
if (logger.isDebugEnabled()) {
logger.debug("Checking match of request : '" + url + "'; against '" + pattern
+ "'");
}
return pattern.matcher(url).matches();
}
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
