From 2988a2cfa3f0edb8000304c53d973e5007b0223c Mon Sep 17 00:00:00 2001
From: Evgeniy Cheban
Date: Mon, 21 Dec 2020 04:27:16 +0300
Subject: [PATCH] Reconsider AntPathRequestMatcher matching logic

Closes gh-9285
---
 .../web/util/matcher/AntPathRequestMatcher.java | 8 ++++++--
 .../web/util/matcher/AntPathRequestMatcherTests.java | 11 ++++++++++-
 2 files changed, 16 insertions(+), 3 deletions(-)

diff --git a/web/src/main/java/org/springframework/security/web/util/matcher/AntPathRequestMatcher.java b/web/src/main/java/org/springframework/security/web/util/matcher/AntPathRequestMatcher.java
index 8e66cceba7e..49aed044786 100644
--- a/web/src/main/java/org/springframework/security/web/util/matcher/AntPathRequestMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/util/matcher/AntPathRequestMatcher.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2019 the original author or authors.
+ * Copyright 2002-2021 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -48,6 +48,7 @@
 * @author Luke Taylor
 * @author Rob Winch
 * @author EddĂș MelĂ©ndez
+ * @author Evgeniy Cheban
 * @since 3.1
 * @see org.springframework.util.AntPathMatcher
 */
@@ -159,9 +160,12 @@ public Map extractUriTemplateVariables(HttpServletRequest reques

 @Override
 public MatchResult matcher(HttpServletRequest request) {
- if (this.matcher == null || !matches(request)) {
+ if (!matches(request)) {
 return MatchResult.notMatch();
 }
+ if (this.matcher == null) {
+ return MatchResult.match();
+ }
 String url = getRequestPath(request);
 return MatchResult.match(this.matcher.extractUriTemplateVariables(url));
 }
diff --git a/web/src/test/java/org/springframework/security/web/util/matcher/AntPathRequestMatcherTests.java b/web/src/test/java/org/springframework/security/web/util/matcher/AntPathRequestMatcherTests.java
index 58398adfa80..1738b2a82b4 100644
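Review bot: The new `if (this.matcher == null)` branch in `matcher(HttpServletRequest)` relies on an invariant that is not written down anywhere in the hunk: judging by the test added for gh-9285, `this.matcher` appears to be null when the pattern is the match-all `/**`, so there are no template variables to extract. Because this method decides whether a request falls under a security rule, I would state that next to the branch, e.g. `// matcher is null for the match-all pattern: the request matches, there is nothing to extract`, so a later edit does not fold the null check back into the not-match path. A one-line Javadoc saying that `matcher(request).isMatch()` agrees with `matches(request)` for every pattern would make the contract explicit for callers that use only one of the two. The field's assignment is outside the hunk, so the null-means-match-all reading should be confirmed against the constructor.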
--- a/web/src/test/java/org/springframework/security/web/util/matcher/AntPathRequestMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/matcher/AntPathRequestMatcherTests.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2016 the original author or authors.
+ * Copyright 2002-2021 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -32,6 +32,7 @@
 /**
 * @author Luke Taylor
 * @author Rob Winch
+ * @author Evgeniy Cheban
 */
 @RunWith(MockitoJUnitRunner.class)
 public class AntPathRequestMatcherTests {
@@ -196,6 +197,14 @@ public void matchesWithInvalidMethod() {
 assertThat(matcher.matches(request)).isFalse();
 }

+ // gh-9285
+ @Test
+ public void matcherWhenMatchAllPatternThenMatchResult() {
+ AntPathRequestMatcher matcher = new AntPathRequestMatcher("/**");
+ MockHttpServletRequest request = createRequest("/blah");
+ assertThat(matcher.matcher(request).isMatch()).isTrue();
+ }
+
 private HttpServletRequest createRequestWithNullMethod(String path) {
 given(this.request.getServletPath()).willReturn(path);
 return this.request;
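Review bot: `matcherWhenMatchAllPatternThenMatchResult` pins only the positive case, so nothing in this hunk guards the other half of the reordered check: a match-all matcher that is restricted to one HTTP method must still report a non-match from `matcher()` when the request uses a different method. I would add a companion test for that, since a regression there would make a method-scoped catch-all rule apply more widely than configured. In the new test it is also worth asserting `assertThat(matcher.matcher(request).getVariables()).isEmpty();` so the variable-free result is part of the contract. What `createRequest` sets as the request method is not visible in the hunk, so the sketch below sets it explicitly.

```java
@Test
public void matcherWhenMatchAllPatternAndOtherMethodThenNotMatch() {
	AntPathRequestMatcher matcher = new AntPathRequestMatcher("/**", "GET");
	MockHttpServletRequest request = createRequest("/blah");
	request.setMethod("POST");
	assertThat(matcher.matcher(request).isMatch()).isFalse();
}
```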