0

I have a Constraint/ConstraintMapping that enables authentication. However, I need to exclude exactly one path from it, where authentication is not needed (and only for GET requests).

I created a constraint mapping with no constraint:

    ConstraintMapping exclude = new ConstraintMapping();
    exclude.setPathSpec("/items/{id}/list");
    exclude.setMethod("GET");

The questions I have regarding this is:

  • How can I add a pathSpec where there is an {id} parameter? I believe using setPathSpec("/items/{id}/list") wouldn't work.
  • If I add the method GET, will it be only enabled for GET requests to that endpoint?
jhthewow
  • 133
  • 1
  • 3
  • 12

1 Answers1

0

ConstraintMapping is a servlet concept.

The PathSpec only supports url-pattern rules from the servlet spec.

Your declaration of /items/{id}/list looks like a URI Template based path spec, which is unsupported by the Servlet spec.

See past answer on what the servlet url-pattern rules are ...

https://stackoverflow.com/a/14018272/775715

Joakim Erdfelt
  • 46,896
  • 7
  • 86
  • 136