How do I allow public access in an specific URL in a Spring Security OAuth-2 Rest application.
I have all URLs started with /rest/**
secured, but would like to make /rest/about
public, so I would not require the user to authenticate to access it. I tried using permitAll()
but it still requires the token in the request. This is my HttpSecurity
configuration:
@Configuration
@EnableResourceServer
protected static class ResourceServerConfiguration extends
ResourceServerConfigurerAdapter {
@Override
public void configure(ResourceServerSecurityConfigurer resources) {
resources.resourceId(RESOURCE_ID);
}
@Override
public void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/rest/about").permitAll()
.antMatchers("/rest/**").authenticated()
;
}
}
A GET request to /rest/about
still returns 401 Unauthorized - "error":"unauthorized","error_description":"Full authentication is required to access this resource"
Found the answer. I just needed to add anonymous()
:
public void configure(HttpSecurity http) throws Exception {
http
.anonymous().and()
.authorizeRequests()
.antMatchers("/rest/about").permitAll()
.antMatchers("/rest/**").authenticated()
;
}
Got the answer from: https://stackoverflow.com/a/25280897/256245
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With