java - How to allow specific requests when using spring-security -
i've scenario need let request (let's request method get) no 401 error can thrown.
below spring security configuration:
@configuration @enablewebsecurity public class securityconfiguration extends websecurityconfigureradapter { @override public void configure(websecurity web) throws exception { web.ignoring() .antmatchers("/bower_components/**") .antmatchers("/fonts/**") .antmatchers("/images/**") .antmatchers("/scripts/**") .antmatchers("/styles/**") .antmatchers("/views/**") .antmatchers("/i18n/**") .antmatchers("/swagger-ui/**") .antmatchers("/app/rest/register") .antmatchers("/app/rest/activate"); } }
and resourceserverconfigureradapter
implementation:
how can allow requests?
there method called requestmatchers
can call 1 or more requestmatcher
implementaions.
public void configure(httpsecurity http){ ..... web.ignoring().requestmatchers(new methodtyperequestmatcher(requestmethod.get)); ..... }
and can define implementation:
public class methodrequestmatcher implements requestmatcher { private requestmethod method; public methodrequestmatcher(requestmethod method) { this.method = method; } @override public boolean matches(httpservletrequest request) { if (method == null) { return false; } return request.getmethod().equals(method.name()); } }
Comments
Post a Comment