Disable AntPathRequestMatcher trim tokens

Issue gh-3831

web/src/main/java/org/springframework/security/web/util/matcher/AntPathRequestMatcher.java

@@ -253,7 +253,7 @@ public final class AntPathRequestMatcher implements RequestMatcher {
 	}
 
 	private static class SpringAntMatcher implements Matcher {
-		private static final AntPathMatcher antMatcher = new AntPathMatcher();
+		private static final AntPathMatcher antMatcher = createMatcher();
 
 		private final String pattern;
 
@@ -270,6 +270,12 @@ public final class AntPathRequestMatcher implements RequestMatcher {
 		public Map<String, String> extractUriTemplateVariables(String path) {
 			return antMatcher.extractUriTemplateVariables(this.pattern, path);
 		}
+
+		private static AntPathMatcher createMatcher() {
+			AntPathMatcher matcher = new AntPathMatcher();
+			matcher.setTrimTokens(false);
+			return matcher;
+		}
 	}
 
 	/**

web/src/test/java/org/springframework/security/web/util/matcher/AntPathRequestMatcherTests.java

@@ -162,6 +162,17 @@ public class AntPathRequestMatcherTests {
 				.isTrue();
 	}
 
+	@Test
+	public void spacesInPathSegmentsAreNotIgnored() {
+		AntPathRequestMatcher matcher = new AntPathRequestMatcher("/path/*/bar");
+		MockHttpServletRequest request = createRequest("/path /foo/bar");
+		assertThat(matcher.matches(request)).isFalse();
+
+		matcher = new AntPathRequestMatcher("/path/foo");
+		request = createRequest("/path /foo");
+		assertThat(matcher.matches(request)).isFalse();
+	}
+
 	@Test
 	public void equalsBehavesCorrectly() throws Exception {
 		// Both universal wildcard options should be equal