Possible bug in PathBasedFilterInvocationDefinitionMap
This is either a bug or a misunderstanding on my part. I have a FilterSecurityInterceptor defined for my web site with an objectDefinitionSource in my Spring config that contains something along these lines:
Basically what I'm trying to accomplish is to secure (require a login) for all content below /somepath/** EXCEPT for the specific page /somepath/somesubpath/SpecificPage (hence, the empty role list). I did a quick look at the source code and it appears this should work except that PathBasedFilterInvocationDefinitionMap has this line in the addSecureUrl method:Code:<bean id="filterInvocationInterceptor" class="net.sf.acegisecurity.intercept.web.FilterSecurityInterceptor"> <property name="authenticationManager"><ref bean="authenticationManager"/></property> <property name="accessDecisionManager"><ref bean="httpRequestAccessDecisionManager"/></property> <property name="runAsManager"><ref bean="runAsManager"/></property> <property name="objectDefinitionSource"> <value> CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON PATTERN_TYPE_APACHE_ANT ... /somepath/somesubpath/SpecificPage= /somepath/**=ROLE_USER </value> </property> </bean>
However, since I have an empty role list on the right hand side of my path the "ConfigAttributeDefinition attr" parameter is null at this point, so I get a NullPointerException.Code:if (logger.isDebugEnabled()) { logger.debug("Added Ant path: " + antPath + "; attributes: " + attr.toString()); }
Is this a bug, or should I be approaching the issue differently?
Thanks,
Andy
