Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Spring OAuth 2: public access to a resource

How do I allow public access in an specific URL in a Spring Security OAuth-2 Rest application.

I have all URLs started with /rest/** secured, but would like to make /rest/about public, so I would not require the user to authenticate to access it. I tried using permitAll() but it still requires the token in the request. This is my HttpSecurity configuration:

@Configuration
@EnableResourceServer
protected static class ResourceServerConfiguration extends
        ResourceServerConfigurerAdapter {

    @Override
    public void configure(ResourceServerSecurityConfigurer resources) {
        resources.resourceId(RESOURCE_ID);
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http
                .authorizeRequests()
                .antMatchers("/rest/about").permitAll()
                .antMatchers("/rest/**").authenticated()
                ;
    }
}

A GET request to /rest/about still returns 401 Unauthorized - "error":"unauthorized","error_description":"Full authentication is required to access this resource"

like image 954
Fabricio Lemos Avatar asked Sep 23 '14 16:09

Fabricio Lemos


1 Answers

Found the answer. I just needed to add anonymous():

public void configure(HttpSecurity http) throws Exception {
        http
                .anonymous().and()
                .authorizeRequests()
                .antMatchers("/rest/about").permitAll()
                .antMatchers("/rest/**").authenticated()
                ;
    }

Got the answer from: https://stackoverflow.com/a/25280897/256245

like image 132
Fabricio Lemos Avatar answered Oct 29 '22 13:10

Fabricio Lemos