Some MVC frameworks allow for leaving out the leading slash from request mappings:
Which can lead folks to use the same pattern in their request matcher:
However, this has a different meaning in Ant. When what intend is likely:
requestMatchers("/app/**")Spring Security should remove this ambiguity by failing when a leading slash is missing from any requestMatchers pattern.
Since this wouldn't be passive, for 6.x, we should log a warning message. For 7.x, we should throw an exception.
Some MVC frameworks allow for leaving out the leading slash from request mappings:
Which can lead folks to use the same pattern in their request matcher:
However, this has a different meaning in Ant. When what intend is likely:
Spring Security should remove this ambiguity by failing when a leading slash is missing from any
requestMatcherspattern.Since this wouldn't be passive, for
6.x, we should log a warning message. For7.x, we should throw an exception.