diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistry.java b/config/src/main/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistry.java index 9ea268e8c2..7ec65d6ddf 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistry.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistry.java @@ -18,6 +18,7 @@ package org.springframework.security.config.annotation.web; import java.util.ArrayList; import java.util.Arrays; +import java.util.Collection; import java.util.LinkedHashMap; import java.util.List; import java.util.Map; @@ -320,14 +321,17 @@ public abstract class AbstractRequestMatcherRegistry { if (!hasDispatcherServlet(registrations)) { return requestMatchers(RequestMatchers.antMatchersAsArray(method, patterns)); } - Assert.isTrue(registrations.size() == 1, - "This method cannot decide whether these patterns are Spring MVC patterns or not. If this endpoint is a Spring MVC endpoint, please use requestMatchers(MvcRequestMatcher); otherwise, please use requestMatchers(AntPathRequestMatcher)."); + if (registrations.size() > 1) { + String errorMessage = computeErrorMessage(registrations.values()); + throw new IllegalArgumentException(errorMessage); + } return requestMatchers(createMvcMatchers(method, patterns).toArray(new RequestMatcher[0])); } private Map mappableServletRegistrations(ServletContext servletContext) { Map mappable = new LinkedHashMap<>(); - for (Map.Entry entry : servletContext.getServletRegistrations().entrySet()) { + for (Map.Entry entry : servletContext.getServletRegistrations() + .entrySet()) { if (!entry.getValue().getMappings().isEmpty()) { mappable.put(entry.getKey(), entry.getValue()); } @@ -355,6 +359,19 @@ public abstract class AbstractRequestMatcherRegistry { return false; } + private String computeErrorMessage(Collection registrations) { + String template = "This method cannot decide whether these patterns are Spring MVC patterns or not. " + + "If this endpoint is a Spring MVC endpoint, please use requestMatchers(MvcRequestMatcher); " + + "otherwise, please use requestMatchers(AntPathRequestMatcher).\n\n" + + "This is because there is more than one mappable servlet in your servlet context: %s.\n\n" + + "For each MvcRequestMatcher, call MvcRequestMatcher#setServletPath to indicate the servlet path."; + Map> mappings = new LinkedHashMap<>(); + for (ServletRegistration registration : registrations) { + mappings.put(registration.getClassName(), registration.getMappings()); + } + return String.format(template, mappings); + } + /** *

* If the {@link HandlerMappingIntrospector} is available in the classpath, maps to an diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistryTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistryTests.java index 2ca3d8f25c..fa0a794151 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistryTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistryTests.java @@ -63,12 +63,13 @@ public class AbstractRequestMatcherRegistryTests { private WebApplicationContext context; @BeforeEach - public void setUp() { + public void setUp() throws Exception { this.matcherRegistry = new TestRequestMatcherRegistry(); this.context = mock(WebApplicationContext.class); given(this.context.getBean(ObjectPostProcessor.class)).willReturn(NO_OP_OBJECT_POST_PROCESSOR); given(this.context.getServletContext()).willReturn(MockServletContext.mvc()); this.matcherRegistry.setApplicationContext(this.context); + mockMvcPresentClasspath(true); } @Test @@ -219,6 +220,7 @@ public class AbstractRequestMatcherRegistryTests { @Test public void requestMatchersWhenUnmappableServletsThenSkips() { + mockMvcIntrospector(true); MockServletContext servletContext = new MockServletContext(); given(this.context.getServletContext()).willReturn(servletContext); servletContext.addServlet("dispatcherServlet", DispatcherServlet.class).addMapping("/");