spring security http antMatcher with multiple paths

Question

I have the following spring security java config rule (with version 3.2.4) which works:

http.antMatcher("/lti1p/**")     .addFilterBefore(ltioAuthProviderProcessingFilter, UsernamePasswordAuthenticationFilter.class)     .authorizeRequests().anyRequest().hasRole("LTI")     .and().csrf().disable(); 

However, I would like to apply this rule to 2 paths ("/lti1p/" and ("/lti2p/"). I can't just replace antMatcher with antMatchers (HttpSecurity object doesn't allow it) and when I try something like this it doesn't apply the rule correctly anymore.

http     .addFilterBefore(ltioAuthProviderProcessingFilter, UsernamePasswordAuthenticationFilter.class)     .authorizeRequests()     .antMatchers("/lti1p/**","/lti2p/**").hasRole("LTI")     .and().csrf().disable(); 

I have tried a number of variants of this without any luck. Does anyone know the correct way to apply this rule using java config to multiple paths?

Answer 1

Try the following approach:

http    .requestMatchers()        .antMatchers("/lti1p/**","/lti2p/**")        .and()   .addFilterBefore(ltioAuthProviderProcessingFilter, UsernamePasswordAuthenticationFilter.class)   .authorizeRequests().anyRequest().hasRole("LTI")   .and().csrf().disable();