After upgrading to Spring Boot 3.2, an HTTP request with a * wildcard is throwing an exception as below:
java.util.regex.PatternSyntaxException: Dangling meta character '*' near index 16
/consumers/1234****/profile
^
at java.base/java.util.regex.Pattern.error(Pattern.java:2028)
at java.base/java.util.regex.Pattern.sequence(Pattern.java:2203)
at java.base/java.util.regex.Pattern.expr(Pattern.java:2069)
at java.base/java.util.regex.Pattern.compile(Pattern.java:1783)
at java.base/java.util.regex.Pattern.<init>(Pattern.java:1430)
at java.base/java.util.regex.Pattern.compile(Pattern.java:1069)
at java.base/java.util.regex.Pattern.matches(Pattern.java:1174)
at java.base/java.lang.String.matches(String.java:2844)
at org.springframework.web.servlet.handler.HandlerMappingIntrospector$CachedResult.matches(HandlerMappingIntrospector.java:402)
at org.springframework.web.servlet.handler.HandlerMappingIntrospector$CachedResult.getResultFor(HandlerMappingIntrospector.java:433)
at org.springframework.web.servlet.handler.HandlerMappingIntrospector.getCorsConfiguration(HandlerMappingIntrospector.java:295)
at org.springframework.web.filter.CorsFilter.doFilterInternal(CorsFilter.java:86)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
at org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
at org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:90)
at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:75)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
While in Spring Boot <= 3.1, this URL with a * wildcard is OK and working as expected.
Info: This only happens with spring-web, but it's fine for spring-webflux.
Comment From: jhollmannk
We have the same problem where there are special characters (from regexp) in a resource (for example a user). So something like DELETE /users/user+*something will now throw the error (Dangling meta character '*') because there is the '+' directly in front of it. DELETE /users/user+some*thing will work.
Our requests are correctly URL-encoded but '+' and '*' are no special characters for a URI so they are not replaced by something like %2B and %2A.
Additional info: We use the ant path matcher: spring.mvc.pathmatch.matching-strategy=ant_path_matcher
Comment From: bclozel
Thanks for the report @nico-arianto @jhollmannk, this is now fixed and available in both 6.1.3-SNAPSHOT and 6.0.16-SNAPSHOT. You can see the release dates on our milestone page or on our public release calendar.
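
The stack trace above shows the request path reaching String.matches, which compiles its argument as a regular expression. The following is an added example, not Spring's code and not posted by anyone in this thread, that runs the paths reported above through a regex comparison, a literal comparison, and a quoted-regex comparison; the class and method names are hypothetical.

```java
import java.util.List;
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;

// Hypothetical demo class: shows what happens when a request path is used as a regex.
public class PathCompareDemo {

    // Hands the request path to String.matches, so it is compiled as a pattern.
    static String regexCompare(String cachedPath, String requestPath) {
        try {
            return String.valueOf(cachedPath.matches(requestPath));
        } catch (PatternSyntaxException ex) {
            return "PatternSyntaxException: " + ex.getDescription();
        }
    }

    // Literal comparison: no character of the path is interpreted.
    static boolean literalCompare(String cachedPath, String requestPath) {
        return cachedPath.equals(requestPath);
    }

    // If a regex API cannot be avoided, quote the untrusted value first.
    static boolean quotedCompare(String cachedPath, String requestPath) {
        return Pattern.matches(Pattern.quote(requestPath), cachedPath);
    }

    public static void main(String[] args) {
        // First three paths are the ones quoted in the thread;
        // the last is a constructed path with no regex metacharacters.
        List<String> paths = List.of(
                "/consumers/1234****/profile",
                "/users/user+*something",
                "/users/user+some*thing",
                "/users/alice");
        for (String p : paths) {
            // Each path is compared with itself, as a cache lookup for the same URI would.
            System.out.printf("%-28s regex=%-45s literal=%b quoted=%b%n",
                    p, regexCompare(p, p), literalCompare(p, p), quotedCompare(p, p));
        }
    }
}
```

The path /users/user+some*thing does not throw, but the regex comparison of that path with itself still returns false, because '+' and '*' are read as quantifiers rather than as literal characters.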