Add default validation for $namespace, $controller, and $action url mapping variables by codeconsole · Pull Request #15525 · apache/grails-core

codeconsole · 2026-03-23T05:04:51Z

Validates namespace, controller and action. If validation fails, triggers next mapping.
Literals override wildcards.

        "/$namespace/$controller/$action?/$id?(.$format)?" {}
        "/$controller/$action?/$id?(.$format)?"{}
        "/community" { controller: 'topic', action: 'home' } // literals win even when namespace or controller CommunityController exists
        group "/community", namespace: 'community', { 
              "/$controller/$action?"()
              group "/files", controller: 'fileServing', namespace: null, { // allow null namespace overrides on group mappings
                     "/$imageId"()
              }
        } 
        "/$username"(controller: 'profile', action: 'show'

Without validation, you have to a do something messy like this:

        "/$username"(ontroller: 'profile', action: 'show') {
            constraints {
                username(validator: { val -> !(val in reserved) })
            }
        }

I can't think why you would want to disable this feature, but it can be disabled via:

grails:                                                                                                                                                    
    web:                                                                                                                                                   
        url:                                                                                                                                               
           mapping:                                                                                                                                       
               validateWildcards: false

Does not affect performance:

Calls info.configure(webRequest) for each match — sets params on the web request
Does a ConcurrentHashMap.get() for the ControllerKey lookup
Now additionally: info.hasWildcardCaptures() (three instanceof checks) when the lookup misses

Steps 1 and 2 were already happening before this change. The only new cost is step 3, which is negligible.

…apping variables

codeconsole · 2026-03-28T18:05:25Z

I am doing some final testing and want to do 1 more doc update before merging

matrei · 2026-03-28T21:28:21Z

@codeconsole There is an existing config setting with the config key:

grails:
    urlmapping:
        cache:
            maxsize: 1000

Should we use that namespace instead for validateWildcards?

grails:
    urlmapping:
        validateWildcards: false
        cache:
            maxsize: 1000

testlens-app · 2026-03-29T00:57:50Z

✅ All tests passed ✅

⚠️ TestLens detected flakiness ⚠️

Test Summary

Check	Project/Task	Test	Runs
CI / Functional Tests (Java 21, indy=false)	:grails-test-examples-app1:integrationTest	AsyncPromiseSpec > async service processes string input	❌ ✅
CI / Functional Tests (Java 21, indy=false)	:grails-test-examples-app1:integrationTest	AsyncPromiseSpec > multi-stage process reports all stages	❌ ✅

🏷️ Commit: 04904da
▶️ Tests: 9974 executed
⚪️ Checks: 35/35 completed

Learn more about TestLens at testlens.app.

codeconsole · 2026-04-01T00:28:48Z

@codeconsole There is an existing config setting with the config key:

@matrei
yeah, I will create another PR

Add default validation for $namespace, $controller, and $action url m…

3e9f368

…apping variables

github-project-automation bot added this to Apache Grails Mar 23, 2026