I'm using Spring Securitys Java Config. Want to translate the following XML: <pre class="prettyprint"><code><intercept-url pattern="/login" access="permitAll" method="POST" /> </code></pre> Got it working with Java Config: <pre class="prettyprint"><code>http.authorizeUrls().antMatchers("/login").permitAll(); </code></pre> But one problem is there: I can still use "/login" with a Browser and do a GET-Request. But I only want that the url can be accessed by POST. Quesion: How can I add this >> method="POST" << to java configuration?

If you'd check the documentation of antMatchers method, you will see that enumeration of HttpMethod can be passed as the first parameter. So something like this should work: <pre class="prettyprint"><code>http.authorizeUrls().antMatchers(HttpMethod.POST, "/login").permitAll(); </code></pre>

Spring Security: Java Config: How to add the method type?

Q: How do I enable method level security in Spring?

Method-level security is implemented by placing the @PreAuthorize annotation on controller methods (actually one of a set of annotations available, but the most commonly used). This annotation contains a Spring Expression Language (SpEL) snippet that is assessed to determine if the request should be authenticated.

Q: What does anyRequest () authenticated () do?

anyRequest(). authenticated() will restrict the access for any other endpoint other than PUBLIC_URL, and the user must be authenticated.

Q: What is and () in Spring Security?

Basically and() method is used to concatenate multiple configurer of Spring Security You can refer attached image to understand more clearly. Follow this answer to receive notifications.

I'm using Spring Securitys Java Config.

Want to translate the following XML:

<intercept-url pattern="/login" access="permitAll" method="POST" />

Got it working with Java Config:

http.authorizeUrls().antMatchers("/login").permitAll();

But one problem is there:

I can still use "/login" with a Browser and do a GET-Request. But I only want that the url can be accessed by POST.

Quesion:

How can I add this >> method="POST" << to java configuration?

How do I enable method level security in Spring?

Method-level security is implemented by placing the @PreAuthorize annotation on controller methods (actually one of a set of annotations available, but the most commonly used). This annotation contains a Spring Expression Language (SpEL) snippet that is assessed to determine if the request should be authenticated.

What does anyRequest () authenticated () do?

anyRequest(). authenticated() will restrict the access for any other endpoint other than PUBLIC_URL, and the user must be authenticated.

What is and () in Spring Security?

Basically and() method is used to concatenate multiple configurer of Spring Security You can refer attached image to understand more clearly. Follow this answer to receive notifications.

If you'd check the documentation of antMatchers method, you will see that enumeration of HttpMethod can be passed as the first parameter.

So something like this should work:

http.authorizeUrls().antMatchers(HttpMethod.POST, "/login").permitAll();

Spring Security: Java Config: How to add the method type?

Tags:

java

spring

config

spring-security

DaUser

People also ask

1 Answers

Paulius Matulionis

Recent Activity

Donate For Us

Spring Security: Java Config: How to add the method type?

Tags:

java

spring

config

spring-security

DaUser

People also ask

1 Answers

Paulius Matulionis

Related questions

Recent Activity

Donate For Us