Hours wasted with Acegi’s FilterSecurityInterceptor & CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON

Sometimes the answer to a problem is staring you right in your face. Across several evenings I spent a number of hours trying to work out why my URL based security using Acegi for my Grails application I am working on would not work. I though I was misunderstanding how to specify the wildcards using Ant syntax, and so kept trying many different variations of patterns to try and match the URLs I was trying to protect.

It finally dawned on me that the CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON instruction defined with the FilterSecurityInterceptor was causing all my problems. Some of my URLs contain mixed case, and I had blindly copied them into my configuration file, and forgot all about this setting to convert all URLs to lower case before comparing. Wow, that seems so obvious now, but I think it took me at least 6 hours of head scratching and reading many posts online before I worked out what was going wrong.

For an example of my configuration file and more details, see my other post here.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.