WebFlux now uses ParsingPathMatcher

Fixes gh-4388

config/src/main/java/org/springframework/security/config/web/server/AbstractServerWebExchangeMatcherRegistry.java

@@ -20,10 +20,6 @@ import org.springframework.security.web.server.util.matcher.OrServerWebExchangeM
 import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher;
 import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers;
 
-import static org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers.*;
-
-import java.util.ArrayList;
-import java.util.Arrays;
 import java.util.List;
 
 
@@ -52,8 +48,8 @@ abstract class AbstractServerWebExchangeMatcherRegistry<T> {
 	 *
 	 * @return the object that is chained after creating the {@link ServerWebExchangeMatcher}
 	 */
-	public T antMatchers(HttpMethod method) {
+	public T pathMatchers(HttpMethod method) {
-		return antMatchers(method, new String[] { "/**" });
+		return pathMatchers(method, new String[] { "/**" });
 	}
 
 	/**
@@ -68,8 +64,8 @@ abstract class AbstractServerWebExchangeMatcherRegistry<T> {
 	 *
 	 * @return the object that is chained after creating the {@link ServerWebExchangeMatcher}
 	 */
-	public T antMatchers(HttpMethod method, String... antPatterns) {
+	public T pathMatchers(HttpMethod method, String... antPatterns) {
-		return matcher(ServerWebExchangeMatchers.antMatchers(method, antPatterns));
+		return matcher(ServerWebExchangeMatchers.pathMatchers(method, antPatterns));
 	}
 
 	/**
@@ -82,8 +78,8 @@ abstract class AbstractServerWebExchangeMatcherRegistry<T> {
 	 *
 	 * @return the object that is chained after creating the {@link ServerWebExchangeMatcher}
 	 */
-	public T antMatchers(String... antPatterns) {
+	public T pathMatchers(String... antPatterns) {
-		return matcher(ServerWebExchangeMatchers.antMatchers(antPatterns));
+		return matcher(ServerWebExchangeMatchers.pathMatchers(antPatterns));
 	}
 
 	/**

config/src/test/java/org/springframework/security/config/web/server/AuthorizeExchangeBuilderTests.java

@@ -33,7 +33,7 @@ public class AuthorizeExchangeBuilderTests {
 
 	@Test
 	public void antMatchersWhenMethodAndPatternsThenDiscriminatesByMethod() {
-		authorization.antMatchers(HttpMethod.POST, "/a", "/b").denyAll();
+		authorization.pathMatchers(HttpMethod.POST, "/a", "/b").denyAll();
 		authorization.anyExchange().permitAll();
 
 		WebTestClient client = buildClient();
@@ -62,7 +62,7 @@ public class AuthorizeExchangeBuilderTests {
 
 	@Test
 	public void antMatchersWhenPatternsThenAnyMethod() {
-		authorization.antMatchers("/a", "/b").denyAll();
+		authorization.pathMatchers("/a", "/b").denyAll();
 		authorization.anyExchange().permitAll();
 
 		WebTestClient client = buildClient();
@@ -90,19 +90,19 @@ public class AuthorizeExchangeBuilderTests {
 
 	@Test(expected = IllegalStateException.class)
 	public void antMatchersWhenNoAccessAndAnotherMatcherThenThrowsException() {
-		authorization.antMatchers("/incomplete");
+		authorization.pathMatchers("/incomplete");
-		authorization.antMatchers("/throws-exception");
+		authorization.pathMatchers("/throws-exception");
 	}
 
 	@Test(expected = IllegalStateException.class)
 	public void anyExchangeWhenFollowedByMatcherThenThrowsException() {
 		authorization.anyExchange().denyAll();
-		authorization.antMatchers("/never-reached");
+		authorization.pathMatchers("/never-reached");
 	}
 
 	@Test(expected = IllegalStateException.class)
 	public void buildWhenMatcherDefinedWithNoAccessThenThrowsException() {
-		authorization.antMatchers("/incomplete");
+		authorization.pathMatchers("/incomplete");
 		authorization.build();
 	}
 

samples/javaconfig/hellowebflux/src/main/java/sample/SecurityConfig.java

@@ -40,8 +40,8 @@ public class SecurityConfig {
 	@Bean
 	WebFilterChainFilter springSecurityFilterChain(HttpSecurity http) throws Exception {
 		http.authorizeExchange()
-			.antMatchers("/admin/**").hasRole("ADMIN")
+			.pathMatchers("/admin/**").hasRole("ADMIN")
-			.antMatchers("/users/{user}/**").access(this::currentUserMatchesPath)
+			.pathMatchers("/users/{user}/**").access(this::currentUserMatchesPath)
 			.anyExchange().authenticated();
 
 		return http.build();

samples/javaconfig/hellowebfluxfn/src/main/java/sample/SecurityConfig.java

@@ -40,8 +40,8 @@ public class SecurityConfig {
 	@Bean
 	WebFilterChainFilter springSecurityFilterChain(HttpSecurity http) throws Exception {
 		http.authorizeExchange()
-			.antMatchers("/admin/**").hasRole("ADMIN")
+			.pathMatchers("/admin/**").hasRole("ADMIN")
-			.antMatchers("/users/{user}/**").access(this::currentUserMatchesPath)
+			.pathMatchers("/users/{user}/**").access(this::currentUserMatchesPath)
 			.anyExchange().authenticated();
 
 		return http.build();

webflux/src/main/java/org/springframework/security/web/server/util/matcher/PathMatcherServerWebExchangeMatcher.java

@@ -22,10 +22,10 @@ import java.util.Map;
 
 import org.springframework.http.HttpMethod;
 import org.springframework.http.server.reactive.ServerHttpRequest;
-import org.springframework.util.AntPathMatcher;
 import org.springframework.util.Assert;
 import org.springframework.util.PathMatcher;
 import org.springframework.web.server.ServerWebExchange;
+import org.springframework.web.util.pattern.ParsingPathMatcher;
 import reactor.core.publisher.Mono;
 
 /**
@@ -33,7 +33,9 @@ import reactor.core.publisher.Mono;
  * @since 5.0
  */
 public final class PathMatcherServerWebExchangeMatcher implements ServerWebExchangeMatcher {
-	private PathMatcher pathMatcher = new AntPathMatcher();
+	private static final PathMatcher DEFAULT_PATH_MATCHER = new ParsingPathMatcher();
+
+	private PathMatcher pathMatcher = DEFAULT_PATH_MATCHER;
 
 	private final String pattern;
 	private final HttpMethod method;

webflux/src/main/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatchers.java

@@ -30,7 +30,7 @@ import java.util.List;
  */
 public abstract class ServerWebExchangeMatchers {
 
-	public static ServerWebExchangeMatcher antMatchers(HttpMethod method, String... patterns) {
+	public static ServerWebExchangeMatcher pathMatchers(HttpMethod method, String... patterns) {
 		List<ServerWebExchangeMatcher> matchers = new ArrayList<>(patterns.length);
 		for (String pattern : patterns) {
 			matchers.add(new PathMatcherServerWebExchangeMatcher(pattern, method));
@@ -38,8 +38,8 @@ public abstract class ServerWebExchangeMatchers {
 		return new OrServerWebExchangeMatcher(matchers);
 	}
 
-	public static ServerWebExchangeMatcher antMatchers(String... patterns) {
+	public static ServerWebExchangeMatcher pathMatchers(String... patterns) {
-		return antMatchers(null, patterns);
+		return pathMatchers(null, patterns);
 	}
 
 	public static ServerWebExchangeMatcher matchers(ServerWebExchangeMatcher... matchers) {

webflux/src/test/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatchersTests.java

@@ -27,7 +27,7 @@ import static org.assertj.core.api.Assertions.*;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyZeroInteractions;
-import static org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers.antMatchers;
+import static org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers.pathMatchers;
 import static org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers.anyExchange;
 
 /**
@@ -38,28 +38,28 @@ public class ServerWebExchangeMatchersTests {
 	ServerWebExchange exchange = MockServerHttpRequest.get("/").toExchange();
 
 	@Test
-	public void antMatchersWhenSingleAndSamePatternThenMatches() throws Exception {
+	public void pathMatchersWhenSingleAndSamePatternThenMatches() throws Exception {
-		assertThat(antMatchers("/").matches(exchange).block().isMatch()).isTrue();
+		assertThat(pathMatchers("/").matches(exchange).block().isMatch()).isTrue();
 	}
 
 	@Test
-	public void antMatchersWhenSingleAndSamePatternAndMethodThenMatches() throws Exception {
+	public void pathMatchersWhenSingleAndSamePatternAndMethodThenMatches() throws Exception {
-		assertThat(antMatchers(HttpMethod.GET, "/").matches(exchange).block().isMatch()).isTrue();
+		assertThat(ServerWebExchangeMatchers.pathMatchers(HttpMethod.GET, "/").matches(exchange).block().isMatch()).isTrue();
 	}
 
 	@Test
-	public void antMatchersWhenSingleAndSamePatternAndDiffMethodThenDoesNotMatch() throws Exception {
+	public void pathMatchersWhenSingleAndSamePatternAndDiffMethodThenDoesNotMatch() throws Exception {
-		assertThat(antMatchers(HttpMethod.POST, "/").matches(exchange).block().isMatch()).isFalse();
+		assertThat(ServerWebExchangeMatchers.pathMatchers(HttpMethod.POST, "/").matches(exchange).block().isMatch()).isFalse();
 	}
 
 	@Test
-	public void antMatchersWhenSingleAndDifferentPatternThenDoesNotMatch() throws Exception {
+	public void pathMatchersWhenSingleAndDifferentPatternThenDoesNotMatch() throws Exception {
-		assertThat(antMatchers("/foobar").matches(exchange).block().isMatch()).isFalse();
+		assertThat(pathMatchers("/foobar").matches(exchange).block().isMatch()).isFalse();
 	}
 
 	@Test
-	public void antMatchersWhenMultiThenMatches() throws Exception {
+	public void pathMatchersWhenMultiThenMatches() throws Exception {
-		assertThat(antMatchers("/foobar", "/").matches(exchange).block().isMatch()).isTrue();
+		assertThat(pathMatchers("/foobar", "/").matches(exchange).block().isMatch()).isTrue();
 	}
 
 	@Test
@@ -74,7 +74,7 @@ public class ServerWebExchangeMatchersTests {
 	/**
 	 * If a LinkedMap is used and anyRequest equals anyRequest then the following is added:
 	 * anyRequest() -> authenticated()
-	 * antMatchers("/admin/**") -> hasRole("ADMIN")
+	 * pathMatchers("/admin/**") -> hasRole("ADMIN")
 	 * anyRequest() -> permitAll
 	 *
 	 * will result in the first entry being overridden