如何在GET请求中识别地址里面的参数是什么？ request.getParameterMap() 总是返回 null

Question

I'm implementing a method for dynamic validation of roles for requests in configure(HTTP HttpSecurity) using a FilterInvocationSecurityMetadataSource implementation class, however, I'm having problems in the getAttributes(Object object) method to identify in the GET requests what is parameter inside the address. For example, when the /api/users/user.name request arrives the method for this request is @GetMapping("/users/{login: "+ Constants.LOGIN_REGEX +"}") , as I do to know that for this request the string user.name is a value in the URI based on what is set in @GetMapping?

I tried with request.getParameterMap() but it always gets null.

What I've done so far:

@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
public class SecurityConfiguration extends ResourceServerConfigurerAdapter {
// ....
    @Override
    public void configure(HttpSecurity http) throws Exception {

        http
            .csrf().disable()
            .addFilterBefore(corsFilter, CsrfFilter.class)
            .headers()
            .frameOptions()
            .disable()
        .and()
            .sessionManagement()
            .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
        .and()
            .authorizeRequests()
            .anyRequest().authenticated()
            .withObjectPostProcessor(new ObjectPostProcessor<FilterSecurityInterceptor>() {
                public <O extends FilterSecurityInterceptor> O postProcess(
                        O fsi) {
                    fsi.setSecurityMetadataSource(dynamicSecurityMetadataSource);
                    fsi.setAccessDecisionManager(new SecurityAccessDecisionManager());
                    return fsi;
                }
            });
    }

// ...
}

Implementation FilterInvocationSecurityMetadataSource:

@Component
public class DynamicSecurityMetadataSource implements FilterInvocationSecurityMetadataSource {

    @Autowired
    private SystemURLRepository systemURLRepository;

    @Override
    public Collection<ConfigAttribute> getAttributes(Object object) throws IllegalArgumentException {

        final HttpServletRequest request = ((FilterInvocation) object).getRequest();

        // Get request method (post, get, delete, ...)
        String requestMethod = request.getMethod();





        // Get string url from request
        String urlWithoutContextPath = request.getRequestURI().substring(request.getContextPath().length());

        // Query to verify roles from URI`s
        Optional<SystemURL> foundUrl = systemURLRepository.findAllByValue(urlWithoutContextPath);

        // If exists in database, return Collection contains information Roles
        if(foundUrl.isPresent()){
            Collection<ConfigAttribute> rolesAllowed = foundUrl.get().getRolesAllowed().stream().map(this::configAttribute).collect(Collectors.toList()); 

            return rolesAllowed;
        }


        return null;
    }

// ...

}

Answer 1

Servlet Containers don't parse the path , they only process the query string or an application/x-www-form-urlencoded request body. From section 3.1 in the Servlet Spec:

Data from the query string and the post body are aggregated into the request parameter set.

To extract the path, you'll need to parse it yourself, though spring-web does provide some support for it, if that is of interest in your situation:

AntPathMatcher matcher = new AntPathMatcher();
UrlPathHelper helper = new UrlPathHelper();
Map<String, String> extracted =
        matcher.extractUriTemplateVariables("/user/{userName}",                 
                helper.getLookupPathForRequest(request));
String userName = extracted.get("userName");

Remember that Servlet Containers may not decode the path like they do the query string, which is why the code above uses UrlPathHelper to first decode the path.