Reputation: 592
Ant Matcher for GET Parameters
Using Java + SpringBoot, I'm trying to create and endpoint for confirming the user email.
The link I generated and sent was /confirm-email?id=x&token=xyztetc
However, due to the fact that only /signup is permitted to be accessed without a Bearer token, the link will always get a 403 response. I've tried to add /confirm-email?{id:.+}&{token:.+} for being permitted, but with no success.
I'm 100% sure that the regex isn't correctly written, but I can't find any relevant Ant pattern documentation to check.
Upvotes: 4
Views: 7158
Answers (2)
Reputation: 26
In order to allow regex matchers, you must use .regexMatchers() instead of .antMatchers().
See this class for more information:
org.springframework.security.web.util.matcher.RegexRequestMatcher
It would be something like this in your case:
public class ServerSecurityAppConfig extends ResourceServerConfigurerAdapter {
// ...
private static final String[] UNAUTHENTICATED_ROUTES = new String[] {
"/confirm-email?{.+}&{.+}",
};
@Override
public void configure(final HttpSecurity http) throws Exception {
http
.authorizeRequests()
.regexMatchers( UNAUTHENTICATED_ROUTES ).permitAll()
.anyRequest().access( myAppSecurityExpression );
}
Upvotes: 0
Reputation: 5182
I don't think ant uses the . to match any character, it uses ?:
https://docs.spring.io/spring/docs/current/javadoc-api/org/springframework/util/AntPathMatcher.html
Upvotes: 1
Related Questions
- Spring AntPathMatcher with a custom separator behaves strangely
- Ant path style patterns
- ANT attribute in regex pattern
- Array as argument for ant matchers in spring boot kotlin
- spring boot ant matchers parameters
- Ant get the value of a parameter obtained at runtime
- Passing parameters to JAVA main via ANT Build
- Using Ant condition tag
- pass arguments to java through ant
- How to pass paramters by refrence in ant