Dec 20, 2010

Meta-character check on allowed wildcard URLs should not apply to explicitly set characters




Assume that I want to allow access to the following URLs:



/*/*.jsp with * being all characters except /



i.e. I want to allow /foo/one.jsp or /bar/two.jsp, but not /foo/bar/three.jsp



I would create an allowed wildcard URL of /*/*.jsp and I would disallow the / meta-character. Unfortunately, this does not work, because the meta-character check also applies to the / characters that have been explicitly defined. IMO, the check should only apply to the characters matched by *. (This is why there is no meta-character check for explicit URLs, right?)



1) Don't you think this behavior is wrong?


2) How would you work around this?
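The two semantics contrasted in the post, as an added example that is not part of the original post and is not the product's own code: `check_whole_url` models the behaviour described, `check_wildcard_parts` models the behaviour proposed. All function names are hypothetical, and URLs are assumed to be already percent-decoded and normalized.

```python
import re


def _compile(pattern, star):
    # Literal pieces of the allowed URL are escaped verbatim; each * becomes `star`.
    return re.compile(star.join(re.escape(piece) for piece in pattern.split("*")))


def check_whole_url(pattern, url, denied):
    """Model of the behaviour described in the post: the URL must match the
    wildcard pattern, then denied meta-characters are looked for in the
    entire URL, including characters written explicitly in the pattern."""
    if not _compile(pattern, ".*").fullmatch(url):
        return False
    return not any(ch in denied for ch in url)


def check_wildcard_parts(pattern, url, denied):
    """Model of the behaviour the post proposes: denied meta-characters are
    rejected only inside the text matched by *, so each * is compiled to a
    negated character class and explicit characters are left alone."""
    star = "[^" + re.escape(denied) + "]*" if denied else ".*"
    return _compile(pattern, star).fullmatch(url) is not None


if __name__ == "__main__":
    # Constructed sample URLs taken from the post's own example.
    allowed, denied = "/*/*.jsp", "/"
    for url in ("/foo/one.jsp", "/bar/two.jsp", "/foo/bar/three.jsp"):
        print(url,
              "whole-URL check:", check_whole_url(allowed, url, denied),
              "wildcard-only check:", check_wildcard_parts(allowed, url, denied))
```

With the whole-URL check every URL is rejected, because the pattern's own `/` characters trip the meta-character rule; with the wildcard-only check the two single-directory URLs pass and `/foo/bar/three.jsp` is rejected.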






