Consider the snippet:
@Controller
@RequestMapping(value = "/spitter")
public class SpittrController {
@RequestMapping(value = "/register", method = RequestMethod.GET)
public String showRegistrationForm() {
return "registerForm";
}
}
where registerForm.jsp is as simple as this:
<form method="post">
<table>
<tr>
<td>First Name:</td>
<td><input type="text" name="firstName" /></td>
</tr>
<tr>
<td>Last Name:</td>
<td><input type="text" name="lastName" /></td>
</tr>
<tr>
<td>User Name:</td>
<td><input type="text" name="userName" /></td>
</tr>
<tr>
<td>Password:</td>
<td><input type="password" name="password" /></td>
</tr>
<tr>
<td><input type="submit" value="Register" /></td>
</tr>
</table>
</form>
Whn I type the following URL in my web browser:
I see this below page, which is fine, as per the functionality:
Now if I slightly modified the URL, and do something like this
http://localhost:8080/web/spitter/register/
then also the same page is rendered,
Why? Even though the entered address(URL) is not pointing to that request mapped in the controller.
Any suggestions?
EDIT:
The whole problem arises when I have to work with Spring Security.
Consider the snippet:
@Override
protected void configure(HttpSecurity http) throws Exception {
http.formLogin().and().authorizeRequests().antMatchers("/spitter/")
.authenticated().antMatchers(HttpMethod.GET, "/spitter/register")
.authenticated();
}
Now, when the user enters this in his browser,
he is redirected to the login page to authenticate himself, while
http://localhost:8080/web/spitter/register/
doesn't redirects him to the login page, which is a security lapse. and I have to make this entry to
antMatchers(HttpMethod.GET, "/spitter/register/").authenticated()
in addition to
antMatchers(HttpMethod.GET, "/spitter/register").authenticated()
Is there any cure of this to get rid of it or else it will double the effort just to append the / just to redirect to the login page?
