Menu
I have the following definition...
<bean id="fsi" class="org.springframework.security.intercept.web.FilterSecurityInterceptor"> <property name="authenticationManager" ref="authenticationManager"/> <property name="accessDecisionManager" ref="httpRequestAccessDecisionManager"/> <property name="objectDefinitionSource"> <sec:filter-invocation-definition-source > <sec:intercept-url pattern="/secure/css/**" access="ROLE_TIER0"/> <sec:intercept-url pattern="/secure/images/**" access="ROLE_TIER0"/> <sec:intercept-url pattern="/**" access="ROLE_TIER0"/> </sec:filter-invocation-definition-source> </property> </bean> I'd like to have the resources on this url...
"/nonSecure/**"
Open to all calls, i.e. no security around it.
I've tried adding ...
<sec:intercept-url pattern="/nonsecure/**" access="permitAll" /> But this causes Websphere to throw an error about
Unsupported configuration attributes: [permitAll] Can anyone tell me how to exclude this URL from security?
416
What you want is to ignore certain URLs for this override the configure method that takes WebSecurity object and ignore the pattern. And remove that line from the HttpSecurity part. This will tell Spring Security to ignore this URL and don't apply any filters to them.
For adding a Spring Boot Security to your Spring Boot application, we need to add the Spring Boot Starter Security dependency in our build configuration file.
antMatchers() is then used to apply authorization to one or more paths you specify in antMatchers() . Such as permitAll() or hasRole('USER3') . These only get applied if the first http. antMatcher() is matched.
In spring security 3.1.x the use of filters="none" is deprecated. Instead you use multiple <http> tags like this:
<http pattern="/nonsecure/**" security="none"/> http://static.springsource.org/spring-security/site/docs/3.1.x/reference/springsecurity-single.html#ns-form-and-basic
64
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
