I'm trying to add an unsecured controller endpoint /foo/bar to my application, but whenever I try calling it, I get 401 Unauthorized.
Here's my WebSecurityConfigurerAdapter:
http
    .authorizeRequests()
        .antMatchers("/foo/**").permitAll()
        .and()
    .formLogin()
        .loginPage("/login").permitAll()
        .and()
    .requestMatchers()
        .antMatchers("/login", "/oauth/authorize", "/oauth/confirm_access")
        .and()
    .authorizeRequests()
        .anyRequest().authenticated();
Would someone kindly point out what I am missing?
First of all, according to the Spring Boot doc, we have to add the @EnableWebSecurity annotation. Second of all, we have to override the configure method WITH the @Override annotation AND super.configure(http) at the end of the method.
Annotation Type PermitAll. @Documented @Retention(value=RUNTIME) @Target(value={TYPE,METHOD}) public @interface PermitAll. Specifies that all security roles are allowed to invoke the specified method(s) i.e that the specified method(s) are "unchecked". It can be specified on a class or on methods.
Setting up an <intercept-url> element with access="permitAll" will configure the authorization so that all requests are allowed on that particular path: <intercept-url pattern="/login*" access="permitAll" />
You need to declare SecurityFilterChain and WebSecurityCustomizer beans instead of overriding methods of WebSecurityConfigurerAdapter class.
Concatenate multiple antMatchers in one authorizeRequests section:
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .authorizeRequests()
            .antMatchers("/foo/**").permitAll()
            .anyRequest().authenticated()
            .and()
        .formLogin().loginPage("/login").permitAll();
}
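The same rules as in the answer above, written as a SecurityFilterChain bean together with a MockMvc check that /foo/bar is reachable anonymously while other paths still require login. This is an added example, not code from the thread; it assumes Spring Boot 3.x / Spring Security 6.x, and the package, class names and the /private endpoint are hypothetical.

```java
// Added example, not code from the thread. Assumes Spring Boot 3.x / Spring Security 6.x
// with the web, security and test starters; package, class and /private names are hypothetical.
package com.example.demo;

import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;

import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@SpringBootTest(classes = FooSecurityTest.App.class)
@AutoConfigureMockMvc
class FooSecurityTest {

    @SpringBootApplication
    @RestController
    static class App {
        @GetMapping("/foo/bar") public String open() { return "open"; }
        @GetMapping("/private") public String closed() { return "closed"; }

        @Bean
        SecurityFilterChain chain(HttpSecurity http) throws Exception {
            http.authorizeHttpRequests(auth -> auth          // one rule list, first match wins
                    .requestMatchers("/foo/**").permitAll()  // specific rule first
                    .anyRequest().authenticated())           // catch-all last
                .formLogin(form -> form.loginPage("/login").permitAll());
            return http.build();
        }
    }

    @Autowired MockMvc mvc;

    @Test
    void fooIsPublicEverythingElseIsNot() throws Exception {
        mvc.perform(get("/foo/bar")).andExpect(status().isOk());
        // An anonymous request to any other path is redirected to the login page.
        mvc.perform(get("/private")).andExpect(status().is3xxRedirection());
    }
}
```

Keeping the second assertion in the test guards against a permitAll rule that is wider than intended.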