Menu
what is the difference between a Spring Security intercept-url pattern with path/** or path/* I've seen some Spring security configurations that have the below, but I don't understand the /* vs /**
670
Most web applications using Spring Security only have a couple of intercept-url s because they only have very basic security requirements. You need to have unauthenticated access to the login and login-error screens and usually some aspect of the public site, so that can be a few URL patterns.
hasRole. Determines if the getAuthentication() has a particular authority within Authentication. getAuthorities() . This is similar to hasAuthority(String) except that this method implies that the String passed in is a role.
Description. hasRole([role]) Returns true if the current principal has the specified role. hasAnyRole([role1,role2]) Returns true if the current principal has any of the supplied roles (given as a comma-separated list of strings)
The /** vs. /* is a pretty common thing in frameworks nowadays, and is generally referred to as Apache Ant Pathing or something similar. Basically, the difference between the 2 is that /** matches the entire directory tree, including subdirectories, where as /* only matches at the level it's specified at.
For example, suppose you had the following files
Main.java directory/Main.java Then
/*.java Would match Main.java, but not directory/Main.java, whereas
/**/*.java would match both.
Obviously the principles applies exactly the same for urls in Spring Security, just seemed to a bit easier to illustrate it via file names in this case.
150
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
