Skip to content

Add deprecation notice for missing leading slashes #16020

New issue
New issue
Closed
Closed
Add deprecation notice for missing leading slashes#16020
Assignees
jzheaux
Labels
in: configAn issue in spring-security-configtype: enhancementA general enhancement
Milestone
6.4.0
@jzheaux

Description

@jzheaux
jzheaux
opened on Oct 31, 2024

Some MVC frameworks allow for leaving out the leading slash from request mappings:

@ApplicationPath("app")

Which can lead folks to use the same pattern in their request matcher:

requestMatchers("app")

However, this has a different meaning in Ant. When what intend is likely:

requestMatchers("/app/**")

Spring Security should remove this ambiguity by failing when a leading slash is missing from any requestMatchers pattern.

Since this wouldn't be passive, for 6.x, we should log a warning message. For 7.x, we should throw an exception.

Metadata

Metadata

Assignees

Labels

in: configAn issue in spring-security-configtype: enhancementA general enhancement

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions