Announcement Announcement Module
Collapse
No announcement yet.
FilterSecurityInterceptor & Regular Expression Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • FilterSecurityInterceptor & Regular Expression

    I tried searching for an answer to this but I can't seem to locate one.

    I'm struggling with the RE for protecting URLS.

    I need to protect a file such as test.html but also test.html?queryString=fdsfjsdklf

    I tried something like \A/addemployee.html.*\Z=ROLE_ADMIN but that didn't seem to have any affect. (it worked for addemployee.html? but not addemployee.html?a) What is the correct syntax?

    Thanks
    -Scott

  • #2
    \A/addemployee.html\Z=ROLE_ADMIN
    The query string is not part of the evaluation.

    I'd recommend using the Ant-style paths though, much less \A\Z stuff...

    Just have to add PATTERN_TYPE_APACHE_ANT and change the patterns

    <property name="objectDefinitionSource">
    <value>
    CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
    PATTERN_TYPE_APACHE_ANT
    /addemployee.html=ROLE_ADMIN
    /secure/**=ROLE_ADMIN
    </value>
    </property>

    -Ray

    Comment


    • #3
      Also don't forget to express your most specific pattern first, and have the general patterns at the bottom of the objectDefinitionSource declaration. Debug-level logging also gives a lot of clues as to which pattern the FilterInvocationDefinitionSource is matching.

      Comment

      Working...
      X