I have the following spring security configuration snippet:
    http
        .authorizeRequests()
            .antMatchers("/tokens").hasIpAddress("10.0.0.0/16")
            ....
This works, but I would also like to grant access to "/tokens" from 127.0.0.1. I was hoping something along the lines of the following would work, but it doesn't:
    http
        .authorizeRequests()
            .antMatchers("/tokens").hasIpAddress("10.0.0.0/16").hasIpAddress("127.0.0.1/32")
            ....
anyRequest().authenticated() means that any request must be authenticated; otherwise my Spring app will return a 401 response.
The antMatchers() is a Spring Boot HTTP method used to configure the URL paths from which the Spring Boot application security should permit requests based on the user's roles. The antMatchers() method is an overloaded method that receives both the HTTP request methods and the specific URLs as its arguments.
When using Java configuration, the way to define multiple security realms is to have multiple @Configuration classes that extend the WebSecurityConfigurerAdapter base class – each with its own security configuration. These classes can be static and placed inside the main config.
The main difference is that roles have special semantics. Starting with Spring Security 4, the 'ROLE_' prefix is automatically added (if it's not already there) by any role related method. So hasAuthority('ROLE_ADMIN') is similar to hasRole('ADMIN') because the 'ROLE_' prefix gets added automatically.
    http
        .authorizeRequests()
            .antMatchers("/tokens").access(
                "hasIpAddress('10.0.0.0/16') or hasIpAddress('127.0.0.1/32')")
            ....
Try to set this configuration in the Spring Security configuration file like this:
    <http auto-config="true" use-expressions="true">
        <intercept-url pattern="/tokens**" access="hasIpAddress('10.0.0.0/16') or hasIpAddress('127.0.0.1/32')" />
    </http>
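Added example, not part of the original question or answers: the access() approach above generalized to a list of networks, with each entry validated before it is spliced into the expression string. The class name TokenEndpointSecurityConfig, the constant TOKEN_CLIENT_NETWORKS and the helpers anyOfIpAddresses and validated are hypothetical names chosen for this sketch; it assumes a Spring Security version that still ships WebSecurityConfigurerAdapter.

```java
import java.util.Arrays;
import java.util.List;
import java.util.stream.Collectors;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.util.matcher.IpAddressMatcher;

@Configuration
@EnableWebSecurity
public class TokenEndpointSecurityConfig extends WebSecurityConfigurerAdapter {

    // Networks allowed to call /tokens: the two ranges from the question.
    private static final List<String> TOKEN_CLIENT_NETWORKS =
            Arrays.asList("10.0.0.0/16", "127.0.0.1/32");

    // Builds "hasIpAddress('a') or hasIpAddress('b') ..." from the list.
    static String anyOfIpAddresses(List<String> networks) {
        if (networks.isEmpty()) {
            // Fail at startup rather than hand access() an empty expression.
            throw new IllegalArgumentException("at least one network is required");
        }
        return networks.stream()
                .map(TokenEndpointSecurityConfig::validated)
                .map(cidr -> "hasIpAddress('" + cidr + "')")
                .collect(Collectors.joining(" or "));
    }

    // Entries are spliced into a SpEL expression, so accept only address
    // characters and let IpAddressMatcher reject anything it cannot parse.
    private static String validated(String cidr) {
        if (!cidr.matches("[0-9A-Fa-f:.]+(/\\d{1,3})?")) {
            throw new IllegalArgumentException("not an IP address or CIDR block: " + cidr);
        }
        new IpAddressMatcher(cidr); // throws IllegalArgumentException on bad input
        return cidr;
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .antMatchers("/tokens").access(anyOfIpAddresses(TOKEN_CLIENT_NETWORKS))
                .anyRequest().authenticated();
    }
}
```

hasIpAddress is evaluated against the remote address of the servlet request, so when the application sits behind a reverse proxy or load balancer the address it sees is the proxy's unless the container is configured to restore the client address.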