Difference between antMatcher and mvcMatcher

by

As this methods’ signatures clearly say is also stated in the official documentation –

antMatcher(String antPattern) – Allows configuring the HttpSecurity to only be invoked when matching the provided ant pattern.

mvcMatcher(String mvcPattern) – Allows configuring the HttpSecurity to only be invoked when matching the provided Spring MVC pattern.

Generally mvcMatcher is more secure than an antMatcher. As an example:

  • antMatchers("/secured") matches only the exact /secured URL
  • mvcMatchers("/secured") matches /secured as well as /secured/, /secured.html, /secured.xyz

and therefore is more general and can also handle some possible configuration mistakes.

mvcMatcher uses the same rules that Spring MVC uses for matching (when using @RequestMapping annotation).

If the current request will not be processed by Spring MVC, a reasonable default using the pattern as a ant pattern will be used. Source

It may be added that mvcMatchers API (since 4.1.1) is newer than the antMatchers API (since 3.1).

Leave a Comment

Hata!: SQLSTATE[HY000] [1045] Access denied for user 'divattrend_liink'@'localhost' (using password: YES)