I'm using Spring Security's Java Config.
Want to translate the following XML:
<intercept-url pattern="/login" access="permitAll" method="POST" />
Got it working with Java Config:
http.authorizeUrls().antMatchers("/login").permitAll();
But one problem is there:
I can still use "/login" with a browser and do a GET request. But I only want the URL to be accessible by POST.
Question:
How can I add this >> method="POST" << to java configuration?
Method-level security is implemented by placing the @PreAuthorize annotation on controller methods (actually one of a set of annotations available, but the most commonly used). This annotation contains a Spring Expression Language (SpEL) snippet that is assessed to determine if the request should be authenticated.
anyRequest().authenticated() will restrict access to any endpoint other than PUBLIC_URL, and the user must be authenticated.
Basically, the and() method is used to concatenate multiple configurers of Spring Security. You can refer to the attached image to understand more clearly.
If you check the documentation of the antMatchers method, you will see that an HttpMethod enum value can be passed as the first parameter.
So something like this should work:
http.authorizeUrls().antMatchers(HttpMethod.POST, "/login").permitAll();
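An added example, not part of the original question or answer: a complete configuration class showing the method-restricted rule together with a catch-all, so that a GET to /login is no longer open. The class name is hypothetical, and it assumes a Spring Security version that ships WebSecurityConfigurerAdapter and names the method authorizeRequests() (the snippets on this page use authorizeUrls()).

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

// Hypothetical class name, used only for this illustration.
@Configuration
@EnableWebSecurity
public class LoginMethodSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                // Rules are evaluated in declaration order and the first match wins.
                // Only POST /login matches this rule, so only POST is open to everyone.
                // permitAll() covers authorization only: with CSRF protection left
                // enabled, the POST must still carry a valid CSRF token.
                .antMatchers(HttpMethod.POST, "/login").permitAll()
                // GET, PUT, DELETE and other methods on /login do not match the rule
                // above and fall through to this catch-all, which requires an
                // authenticated user. Without a catch-all, requests that match no
                // rule are not restricted by this configuration.
                .anyRequest().authenticated();
    }
}
```

With this in place an anonymous GET to /login is rejected by the catch-all rather than answered with "method not allowed"; the HTTP method check happens at the authorization layer, before the request reaches a controller.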