Omit the <auth-constraint>
element in <security-constraint>
for resources for which you don't need authentication like:
<security-constraint>
<web-resource-collection>
<web-resource-name>app</web-resource-name>
<url-pattern>/info</url-pattern>
</web-resource-collection>
<!-- OMIT auth-constraint -->
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>app</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>Role</role-name>
</auth-constraint>
</security-constraint>
If you are looking for keycloak with Spring boot solution, then try likes this in your application properties file:
keycloak.security-constraints[0].authRoles[0]=users
keycloak.security-constraints[0].security-collections[0].patterns[0]=/*
keycloak.security-constraints[1].security-collections[0].patterns[0]=/info
This will apply security on all URLs except /info
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With