CODEWITHSUNDEEP
springspring-mvcspring-security
faraa
faraa

Reputation: 575

regexMatcher for URL with query parameters in Spring Security

How should I use parameters like this in regexMatcher in Spring Security? I have many URLs that start with /sUrl and have different parameters. This code doesn't work!

.regexMatchers("\\/sUrl\\?params=\\{url:\"reports\\/Manager\",subSystem:\"ABS\"\\}").access("hasRole('ROLE_ABS')")

Controller:

@RequestMapping(value = "sUrl", method = RequestMethod.GET)
public RedirectView sUrl(@RequestParam(name = "params") String params) {
            RedirectView redirectView = new RedirectView();
        .
        .
        .
            return redirectView;
}

URL seen in network partition of browser inspector when I click on this link:

sUrl?params={url:%22reports/Manager%22,subSystem:%22ABS%22}

Upvotes: 4

Views: 10051

Answers (1)

dur
dur

Reputation: 16992

You have to use a regular expression with the URL-encoded query parameter, see RegexRequestMatcher:

Uses a regular expression to decide whether a supplied the URL of a supplied HttpServletRequest. Can also be configured to match a specific HTTP method. The match is performed against the servletPath + pathInfo + queryString of the request and is case-sensitive by default. Case-insensitive matching can be used by using the constructor which takes the caseInsensitive argument.

and HttpServletRequest:

Returns the query string that is contained in the request URL after the path. This method returns null if the URL does not have a query string. Same as the value of the CGI variable QUERY_STRING.

Returns:

a String containing the query string or null if the URL contains no query string. The value is not decoded by the container.

Your modfified code:

.regexMatchers("\\/sUrl\\?params=\\{url:%22reports\\/Manager\%22,subSystem:%22ABS%22\\}").access("hasRole('ROLE_ABS')")

Upvotes: 5

Related Questions