We have our FilterSecurityInterceptor loaded with lots of URLs using regex path-type. For example we have:

Code:
<sec:filter-security-metadata-source path-type="regex">
    <sec:intercept-url pattern="\A/somepath\.html.\Z" access="ROLE_PRIVILEGED_USER"/>
     ...
     ...
</sec:filter-security-metadata-source>
When I enter the URL "http://<server:8443>/somepath.html" with the correct privileges I am successfully granted access to the page.

When I enter the URL "http://<server:8443>/somepath.html" without the correct privileges I am successfully blocked access to the page.

When I enter the URL "http://<server:8443>/somePath.html" without the correct privileges I am granted access to the page when I shouldn't be (Note the capital "P" in the URL).

I read that regex is case sensitive which is unlike ant path-type which is case insensitive. Since "somePath.html" is not matched the request is passed to SomePathController and hence everything works correctly. If I do something like "soMepath.html" I get a page not found since it doesn't match the interceptor patterns and doesn't find a matching Controller.

Is this the way it is supposed to work?

Further, how do you make regex pattern noted above case insensitive?

P.S. - We need to use regex because we check query parameters in the intercept patterns.