FilterSecurityInterceptor can't match URL parameters
I am having trouble setting up a FilterSecurityInterceptor that is supposed to match a URL with parameters. Our application is built using the mach-ii framework, and as such all URL's are of the form:
http://glast/index.cfm?event=upload.satellite.command
(internally the mach-ii framework uses a look-up table to find the actual page associated with the string "upload.satellite.command", similiar to hiding jsp pages in /WEB-INF/jsp/ and using Spring MVC to render the view).
I want to protect my "upload.satellite.command" URL using Acegi, but the equal sign "=" used to pass the "event" parameter is causing me grief when I try to match it using a regexp. This was my attempt:
Even though I try to escape the "=" using "\=", Acegi seems to think that everything after the "\=" is the list of roles, and I get this exception in the logs on application startup:Code:<bean id="filterInvocationInterceptor" class="net.sf.acegisecurity.intercept.web.FilterSecurityInterceptor"> <property name="authenticationManager"><ref local="authenticationManager"/></property> <property name="accessDecisionManager"><ref local="httpRequestAccessDecisionManager"/></property> <property name="runAsManager"><ref local="runAsManager"/></property> <property name="objectDefinitionSource"> <value> CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON \A/index\.cfm\?event\=upload\.satellite\.command.*\Z=ROLE_GLAST_ADMINISTRATOR </value> </property> </bean>
It looks like the problem is in FilterInvocationDefinitionSourceEditor.setAsText(S tring) since it is tokenizing my regexp expression using "=" without regard to the context of where "=" is used in the string.Code:java.lang.IllegalArgumentException: Malformed regular expression: \A/index\.cfm\?event\
How do I match a literal "=" in the regexp so that I can protect URL's based on parameters? It seems like matching URL parameters would be generally useful to for Acegi programmers.
Warmest reagrds, Matt
