Spring-Security: Difference Between /** and /* url pattern in Spring-Security

Question

I am little bit confuse with URL-pattern in spring security. Because, in servlet core http security, the / and /* url patterns are used for specify one or more directories. / is use for one directory and /* is used of many directories. But in spring-security, the /** is also introduce, what is the main purpose of /** url-pattern in security.

Rahul Jain · Accepted Answer

The difference between /* & /** is that the second matches the entire directory tree, including subdirectories, where as /* only matches at the level it's specified at.

Andrey Dorohovich · Answer

 @Override
    protected void configure(HttpSecurity http) throws Exception {
    // ...
    .antMatchers(HttpMethod.GET, "/**").permitAll
    .antMatchers(HttpMethod.POST, "/*").permitAll
    // ...
 }

In this configuration any "Get" request will be permitted, for example:

/book
/book/20
/book/20/author

So, all this urls match text with pattern "/**".

Permitted urls for "Post":

/book
/magazine

Urls above match with "/*"

Spring-Security: Difference Between /** and /* url pattern in Spring-Security

Tags:

java

security

spring-security

url-pattern

Harmeet Singh Taara

2 Answers

Rahul Jain

Andrey Dorohovich

Recent Activity

Donate For Us

Spring-Security: Difference Between /** and /* url pattern in Spring-Security

Tags:

java

security

spring-security

url-pattern

Harmeet Singh Taara

2 Answers

Rahul Jain

Andrey Dorohovich

Related questions

Recent Activity

Donate For Us