From 58cb10dca91818d23c965fd39d1374eb3dad7a10 Mon Sep 17 00:00:00 2001 From: chasegawa Date: Tue, 7 Jan 2025 11:18:55 -0700 Subject: [PATCH] SHIBUI-2646: MDQ fixes for trailing slashes for PAC4J config --- .../unicon/shibui/pac4j/Pac4jSpringSecurityConfig.java | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/pac4j-module/src/main/java/net/unicon/shibui/pac4j/Pac4jSpringSecurityConfig.java b/pac4j-module/src/main/java/net/unicon/shibui/pac4j/Pac4jSpringSecurityConfig.java index f3c64ec4a..a27b6265a 100644 --- a/pac4j-module/src/main/java/net/unicon/shibui/pac4j/Pac4jSpringSecurityConfig.java +++ b/pac4j-module/src/main/java/net/unicon/shibui/pac4j/Pac4jSpringSecurityConfig.java @@ -71,7 +71,9 @@ public AuditorAware pac4jAuditorAware() { @Bean public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { http.authorizeHttpRequests().requestMatchers(new AntPathRequestMatcher("/unsecured/**/*"), - new AntPathRequestMatcher("/entities/**/*"), + new AntPathRequestMatcher("/entities*"), + new AntPathRequestMatcher("/entities/*"), + new AntPathRequestMatcher("/entities/**"), new AntPathRequestMatcher("/favicon.ico"), new AntPathRequestMatcher("/assets/**/*.png"), new AntPathRequestMatcher("/static/**/*"), @@ -127,7 +129,9 @@ public WebSecurityCustomizer webSecurityCustomizer() { firewall.setAllowSemicolon(true); return (web) -> web.ignoring().requestMatchers(new AntPathRequestMatcher("/unsecured/**/*"), - new AntPathRequestMatcher("/entities/**/*"), + new AntPathRequestMatcher("/entities*"), + new AntPathRequestMatcher("/entities/*"), + new AntPathRequestMatcher("/entities/**"), new AntPathRequestMatcher("/favicon.ico"), new AntPathRequestMatcher("/assets/**/*.png"), new AntPathRequestMatcher("/static/**/*"),