如何将Ant匹配器转换为Spring MVC匹配器?

huangapple
go评论53阅读模式
英文:

How to Convert Ant Matcher to Spring MVC Matchers?

问题

我正在与Fortify一起工作,针对我的最新项目,我收到了一些建议,建议我将模式匹配器从Spring MVC端点的Ant匹配器更新为MVC请求匹配器。建议的实际文本如下...

Fortify建议:

为了保护Spring MVC端点,请使用MVC请求匹配器,而不是Ant匹配器。

MVC匹配器的每个示例都在Java上下文中,而此文件是一个XML文件,Fortify明确指出的行的格式如下。我不确定要更新或执行哪些操作以消除这个建议,将接受任何建议。

<http pattern="/fu.jsp" security="none" />
<http pattern="/bar/**" security="none" />
<intercept-url pattern="/fubarLogins" access="allAccess" />
英文:

I am working with Fortify on my latest project, and have a recommendation to update my pattern matcher from an Ant Matcher for Spring MVC endpoints to MVC request matchers. The actual text of the recommendation is this...

Fortify Recommendation:

To protect Spring MVC endpoints, use the MVC request matcher instead of the Ant matcher.

Every example of the use of MVC matchers is in a Java context, and this file is an XML file, and the lines that Fortify is specifically calling out are formatted like this. I am not sure what to update or do to get rid of this recommendation and would take any suggestions.

<http pattern="/fu.jsp" sfuecurity="none" />
<http pattern="/bar/**" security="none" />
<intercept-url pattern="/fubarLogins" access="allAccess" />

答案1

得分: 0

这是我解决的方式。

<http auto-config="true" request-matcher="mvc">
<intercept-url pattern="/fubar.jsp"  />
</http>

这确实让我遇到了一个应用程序上下文错误,我后来不得不解决它。

英文:

This is how I resolved it.

 <http auto-config="true" request-matcher="mvc">
 <intercept-url pattern="/fubar.jsp"  />
 </http>

It did leave me with an application context error that I had to go about resolving later on.

huangapple
  • 本文由 发表于 2023年7月13日 22:53:43
  • 转载请务必保留本文链接:https://go.coder-hub.com/76680788.html
  • fortify
  • java
  • xml
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定