4

How should I use parameters like this in regexMatcher in Spring Security? I have many URLs that start with /sUrl and have different parameters. This code doesn't work!

.regexMatchers("\\/sUrl\\?params=\\{url:\"reports\\/Manager\",subSystem:\"ABS\"\\}").access("hasRole('ROLE_ABS')")

Controller:

@RequestMapping(value = "sUrl", method = RequestMethod.GET)
public RedirectView sUrl(@RequestParam(name = "params") String params) {
            RedirectView redirectView = new RedirectView();
        .
        .
        .
            return redirectView;
}

URL seen in network partition of browser inspector when I click on this link:

sUrl?params={url:%22reports/Manager%22,subSystem:%22ABS%22}

BalusC
  • 1,082,665
  • 372
  • 3,610
  • 3,555
faraa
  • 575
  • 3
  • 14
  • 42

1 Answers1

5

You have to use a regular expression with the URL-encoded query parameter, see RegexRequestMatcher:

Uses a regular expression to decide whether a supplied the URL of a supplied HttpServletRequest. Can also be configured to match a specific HTTP method. The match is performed against the servletPath + pathInfo + queryString of the request and is case-sensitive by default. Case-insensitive matching can be used by using the constructor which takes the caseInsensitive argument.

and HttpServletRequest:

Returns the query string that is contained in the request URL after the path. This method returns null if the URL does not have a query string. Same as the value of the CGI variable QUERY_STRING.

Returns:

a String containing the query string or null if the URL contains no query string. The value is not decoded by the container.

Your modfified code:

.regexMatchers("\\/sUrl\\?params=\\{url:%22reports\\/Manager\%22,subSystem:%22ABS%22\\}").access("hasRole('ROLE_ABS')")
dur
  • 15,689
  • 25
  • 79
  • 125