We have our FilterSecurityInterceptor loaded with lots of URLs using regex path-type. For example we have:
When I enter the URL "http://<server:8443>/somepath.html" with the correct privileges I am successfully granted access to the page.
<sec:intercept-url pattern="\A/somepath\.html.\Z" access="ROLE_PRIVILEGED_USER"/>
When I enter the URL "http://<server:8443>/somepath.html" without the correct privileges I am successfully blocked access to the page.
When I enter the URL "http://<server:8443>/somePath.html" without the correct privileges I am granted access to the page when I shouldn't be (Note the capital "P" in the URL).
I read that regex is case sensitive which is unlike ant path-type which is case insensitive. Since "somePath.html" is not matched the request is passed to SomePathController and hence everything works correctly. If I do something like "soMepath.html" I get a page not found since it doesn't match the interceptor patterns and doesn't find a matching Controller.
Is this the way it is supposed to work?
Further, how do you make regex pattern noted above case insensitive?
P.S. - We need to use regex because we check query parameters in the intercept patterns.