Securing @Controller inconsistency

Question

I'm developing REST API with Spring MVC and securing it with Spring Security. I have two URL's, one is /company/{id} and the second one is /countries. ws is my servlet mapping.

<intercept-url pattern="/ws/*" access="ROLE_ADMIN"/>

is configured, however when I try to access to /company/1 it passes me

11:17:19,751 DEBUG http-bio-8080-exec-10 AntPathRequestMatcher:matches:103 - Checking match of request : '/ws/company/1'; against '/ws/*'
11:17:19,751 DEBUG http-bio-8080-exec-10 FilterSecurityInterceptor:beforeInvocation:184 - Public object - authentication not attempted

and with /countries everything works fine. I've read this question and do use global security in my mvc related context. Can't figure out what's the issue.

score 4 · Accepted Answer · answered Dec 20 '12 at 10:00

4

Try mapping everything under /ws/ using the ant style selector ** which indicates to include everything within the specified URL, not just URLs within the specified URL.

<intercept-url pattern="/ws/**" access="ROLE_ADMIN"/>

answered Dec 20 '12 at 10:00

Kevin Bowersox

93,289
19
159
189

@J-unior Glad I could help. These ant style path mappings are used pretty heavily in Spring. – Kevin Bowersox Dec 20 '12 at 10:07

Securing @Controller inconsistency

1 Answers1