imaffe commented on pull request #615: URL: https://github.com/apache/rocketmq-externals/pull/615#issuecomment-673312418
> Spring 的 path pattern 不支持真正的正则表达式,所以写后缀确实也会比较麻烦 Though your proposal is more aligned with least privilege principle, and this is basically 1. default no access, allow access on certain resources versus 2. default all access, deny access on certain resources. If using method 1, I don't know if I can enumerate all resources that needs be accessed without protection as I believe in this scenario "public resources" are more than "need-protect resources". I agree with both way but I think method 2 are probably easier to maintain as we know what API exposes data. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
