Spring-security cannot match “?parameter” format?

Question

I use spring-security to secure my web, when I\'m learning it by spring-roo generated config file in applicationContext-security.xml, in node:

Answer 1

That behavior is defined by the "request-matcher" in use. As indicated by the documentation, the default is "ant", which indicates to use an AntPathRequestMatcher, and an alternative is "regex", the RegexRequestMatcher. The javadocs (linked) give specifics about the matchers, including the fact that the former matches against a request's "servletPath + pathInfo", and the latter against its "servletPath + pathInfo + queryString".