Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Prepare Request Matching for Spring Framework Changes #16417

Open
6 tasks
jzheaux opened this issue Jan 14, 2025 · 2 comments
Open
6 tasks

Prepare Request Matching for Spring Framework Changes #16417

jzheaux opened this issue Jan 14, 2025 · 2 comments
Assignees
@jzheaux
Labels
in: web An issue in web modules (web, webmvc) type: enhancement A general enhancement
Milestone
6.5.x

Comments

@jzheaux
Copy link
Contributor

jzheaux commented Jan 14, 2025
edited
Loading

In future versions of Spring Security, we should move away from PathMatcher (used by AntPathRequestMatcher) and HandlerMappingIntrospector (used by MvcRequestMatcher) as they will be deprecated in future releases of Spring Framework.

This will also assist with efforts to simplify construction of path-based RequestMatchers.

  • Add PathPatternRequestMatcher
    Spring Framework 5 introduced PathPattern and PathPatternParser, and these are components that we should be able to standardize on, allowing this request matcher to be general-purpose, and not Spring MVC-specific like MvcRequestMatcher
    *This would use neither HandlerMappingIntrospector nor PathMatcher

  • Simplify Specifying servletPath in the Java DSL
    Currently, this is only possible by constructing an MvcRequestMatcher, which is MVC-specific and requires a HandlerMappingIntrospector

  • Favor using PathPatternRequestMatcher
    We can default to Framework's PathPatternParser for MVC endpoints when HandlerMappingIntrospector#allHandlerMappingsUsePathPatternParser returns true

    We can default to Framework's PathPatternParser for non-MVC endpoints

    This should have an opt-in mechanism in order to remain passive.

  • Deprecate MvcRequestMatcher

  • Deprecate AntPathRequestMatcher

  • Deprecate any other usages of PathMatcher
@jzheaux jzheaux added in: web An issue in web modules (web, webmvc) type: enhancement A general enhancement labels Jan 14, 2025
@jzheaux jzheaux added this to the 6.5.x milestone Jan 14, 2025
@jzheaux jzheaux self-assigned this Jan 14, 2025
@evgeniycheban
Copy link
Contributor

Hi, @jzheaux, can I work on this? I'd want to start with adding PathPatternRequestMatcher along with tests.

@jzheaux
Copy link
Contributor Author

jzheaux commented Jan 15, 2025
edited
Loading

Hi, @evgeniycheban, thanks for volunteering! Some of this is already addressed in a draft PR, so allow me to clean that up first so it's clear what work remains. I'll report back here when that's ready, and then we can divvy out the remaining work.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jzheaux jzheaux

Labels
in: web An issue in web modules (web, webmvc) type: enhancement A general enhancement
Projects
None yet
Milestone
6.5.x
Development

No branches or pull requests
2 participants
@jzheaux @evgeniycheban