Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Spring Security: Java Config: How to add the method type?

I'm using Spring Securitys Java Config.

Want to translate the following XML:

<intercept-url pattern="/login" access="permitAll" method="POST" />

Got it working with Java Config:

http.authorizeUrls().antMatchers("/login").permitAll();

But one problem is there:

I can still use "/login" with a Browser and do a GET-Request. But I only want that the url can be accessed by POST.

Quesion:

How can I add this >> method="POST" << to java configuration?

like image 227
DaUser Avatar asked Aug 23 '13 09:08

DaUser


People also ask

How do I enable method level security in Spring?

Method-level security is implemented by placing the @PreAuthorize annotation on controller methods (actually one of a set of annotations available, but the most commonly used). This annotation contains a Spring Expression Language (SpEL) snippet that is assessed to determine if the request should be authenticated.

What does anyRequest () authenticated () do?

anyRequest(). authenticated() will restrict the access for any other endpoint other than PUBLIC_URL, and the user must be authenticated.

What is and () in Spring Security?

Basically and() method is used to concatenate multiple configurer of Spring Security You can refer attached image to understand more clearly. Follow this answer to receive notifications.


1 Answers

If you'd check the documentation of antMatchers method, you will see that enumeration of HttpMethod can be passed as the first parameter.

So something like this should work:

http.authorizeUrls().antMatchers(HttpMethod.POST, "/login").permitAll();
like image 93
Paulius Matulionis Avatar answered Sep 20 '22 06:09

Paulius Matulionis