Examples of org.springframework.security.web.util.matcher.AntPathRequestMatcher

• org.springframework.security.web.util.matcher.AntPathRequestMatcher
  Matcher which compares a pre-defined ant-style pattern against the URL ( {@code servletPath + pathInfo}) of an {@code HttpServletRequest}. The query string of the URL is ignored and matching is case-insensitive or case-sensitive depending on the arguments passed into the constructor.

  Using a pattern value of {@code /**} or {@code **} is treated as a universalmatch, which will match any request. Patterns which end with {@code /**} (and have no other wildcards)are optimized by using a substring match — a pattern of {@code /aaa/**} will match {@code /aaa}, {@code /aaa/} and any sub-directories, such as {@code /aaa/bbb/ccc}.

  For all other cases, Spring's {@link AntPathMatcher} is used to perform the match. See the Spring documentationfor this class for comprehensive information on the syntax used.

  @author Luke Taylor @author Rob Winch @since 3.1 @see org.springframework.util.AntPathMatcher

        assertFalse(matcher.matches(createRequest("/login.html/blah")));
    }

    @Test
    public void httpMethodSpecificMatchOnlyMatchesRequestsWithCorrectMethod() throws Exception {
        AntPathRequestMatcher matcher = new AntPathRequestMatcher("/blah", "GET");
        MockHttpServletRequest request = createRequest("/blah");
        request.setMethod("GET");
        assertTrue(matcher.matches(request));
        request.setMethod("POST");
        assertFalse(matcher.matches(request));
    }

    }

    @Test
    public void caseSensitive() throws Exception {
        MockHttpServletRequest request = createRequest("/UPPER");
        assertThat(new AntPathRequestMatcher("/upper",null,true).matches(request)).isFalse();
        assertThat(new AntPathRequestMatcher("/upper","POST",true).matches(request)).isFalse();
        assertThat(new AntPathRequestMatcher("/upper","GET",true).matches(request)).isFalse();

        assertThat(new AntPathRequestMatcher("/upper",null,false).matches(request)).isTrue();
        assertThat(new AntPathRequestMatcher("/upper","POST",false).matches(request)).isTrue();
    }

    }

    @Test
    public void equalsBehavesCorrectly() throws Exception {
        // Both universal wildcard options should be equal
        assertEquals(new AntPathRequestMatcher("/**"), new AntPathRequestMatcher("**"));
        assertEquals(new AntPathRequestMatcher("/xyz"), new AntPathRequestMatcher("/xyz"));
        assertEquals(new AntPathRequestMatcher("/xyz", "POST"), new AntPathRequestMatcher("/xyz", "POST"));
        assertFalse(new AntPathRequestMatcher("/xyz", "POST").equals(new AntPathRequestMatcher("/xyz", "GET")));
        assertFalse(new AntPathRequestMatcher("/xyz").equals(new AntPathRequestMatcher("/xxx")));
        assertFalse(new AntPathRequestMatcher("/xyz").equals(AnyRequestMatcher.INSTANCE));
        assertFalse(new AntPathRequestMatcher("/xyz","GET", false).equals(new AntPathRequestMatcher("/xyz","GET", true)));
    }

        assertFalse(new AntPathRequestMatcher("/xyz","GET", false).equals(new AntPathRequestMatcher("/xyz","GET", true)));
    }

    @Test
    public void toStringIsOk() throws Exception {
        new AntPathRequestMatcher("/blah").toString();
        new AntPathRequestMatcher("/blah", "GET").toString();
    }

     * @see org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer#createLoginProcessingUrlMatcher(java.lang.String)
     */
    @Override
    protected RequestMatcher createLoginProcessingUrlMatcher(
            String loginProcessingUrl) {
        return new AntPathRequestMatcher(loginProcessingUrl, "POST");
    }

    //~ Methods ========================================================================================================
    private void createFids(String pattern, String method) {
        LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>> requestMap =
            new LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>>();
        requestMap.put(new AntPathRequestMatcher(pattern, method), def);
        fids = new DefaultFilterInvocationSecurityMetadataSource(requestMap);
    }

    public void mixingPatternsWithAndWithoutHttpMethodsIsSupported() throws Exception {
        LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>> requestMap =
            new LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>>();
        Collection<ConfigAttribute> userAttrs = SecurityConfig.createList("A");

        requestMap.put(new AntPathRequestMatcher("/user/**", null), userAttrs);
        requestMap.put(new AntPathRequestMatcher("/teller/**", "GET"),  SecurityConfig.createList("B"));
        fids = new DefaultFilterInvocationSecurityMetadataSource(requestMap);

        FilterInvocation fi = createFilterInvocation("/user", null, null, "GET");
        Collection<ConfigAttribute> attrs = fids.getAttributes(fi);
        assertEquals(userAttrs, attrs);

        ContentNegotiationStrategy contentNegotiationStrategy = http.getSharedObject(ContentNegotiationStrategy.class);
        if(contentNegotiationStrategy == null) {
            contentNegotiationStrategy = new HeaderContentNegotiationStrategy();
        }

        RequestMatcher notFavIcon = new NegatedRequestMatcher(new AntPathRequestMatcher("/**/favicon.ico"));

        MediaTypeRequestMatcher jsonRequest = new MediaTypeRequestMatcher(contentNegotiationStrategy, MediaType.APPLICATION_JSON);
        jsonRequest.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
        RequestMatcher notJson = new NegatedRequestMatcher(jsonRequest);

        RequestMatcher notXRequestedWith = new NegatedRequestMatcher(new RequestHeaderRequestMatcher("X-Requested-With","XMLHttpRequest"));

        boolean isCsrfEnabled = http.getConfigurer(CsrfConfigurer.class) != null;

        List<RequestMatcher> matchers = new ArrayList<RequestMatcher>();
        if(isCsrfEnabled) {
            RequestMatcher getRequests = new AntPathRequestMatcher("/**", "GET");
            matchers.add(0, getRequests);
        }
        matchers.add(notFavIcon);
        matchers.add(notJson);
        matchers.add(notXRequestedWith);

    private RequestMatcher getLogoutRequestMatcher(H http) {
        if(logoutRequestMatcher != null) {
            return logoutRequestMatcher;
        }
        if(http.getConfigurer(CsrfConfigurer.class) != null) {
            this.logoutRequestMatcher = new AntPathRequestMatcher(this.logoutUrl, "POST");
        } else {
            this.logoutRequestMatcher = new AntPathRequestMatcher(this.logoutUrl);
        }
        return this.logoutRequestMatcher;
    }

     * @see org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer#createLoginProcessingUrlMatcher(java.lang.String)
     */
    @Override
    protected RequestMatcher createLoginProcessingUrlMatcher(
            String loginProcessingUrl) {
        return new AntPathRequestMatcher(loginProcessingUrl);
    }