Java – H2 console and Spring Security – permitAll() does not work properly

I'm creating a REST API and implementing Spring Security – everything is fine, but I want (now, while I'm still developing) to let anyone open localhost:8080/console without authorization.

@Override
protected void configure(HttpSecurity http) throws Exception {
    // allow everyone to register an account; /console is just for testing
    http.authorizeRequests().antMatchers("/register","/console").permitAll();

    http.authorizeRequests().anyRequest().fullyAuthenticated();

    // making H2 console working
    http.headers().frameOptions().disable();

    /*
    https://docs.spring.io/spring-security/site/docs/current/reference/html/csrf.html#when-to-use-csrf-protection
    for non-browser APIs there is no need to use csrf protection
    */
    http.csrf().disable();
}

The really strange thing is – localhost:8080/register does not require any authentication, but /console returns:

{
"timestamp": 1485876313847,"status": 403,"error": "Forbidden","message": "Access Denied","path": "/console"
}

Does anyone know how to solve it?

Solution

I have a similar configuration. Can you try this?

http
    .authorizeRequests()
        .antMatchers("/register").permitAll()
        .and()
    .authorizeRequests()
        .antMatchers("/console/**").permitAll();
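
A fuller version of the question's configuration with the answer's `/console/**` matcher applied, as an added example that is not part of the original post. It opens the console only while a `dev` profile is active and relaxes frame options to same-origin instead of disabling them; the class name `ApiSecurityConfig` and the profile name `dev` are assumptions, and the API style is the same `WebSecurityConfigurerAdapter` one used above.

```java
import java.util.Arrays;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.env.Environment;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

// Added example: ApiSecurityConfig and the "dev" profile name are assumptions.
@Configuration
@EnableWebSecurity
public class ApiSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private Environment env;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        boolean dev = Arrays.asList(env.getActiveProfiles()).contains("dev");

        // Registration stays open in every environment.
        http.authorizeRequests().antMatchers("/register").permitAll();

        if (dev) {
            // "/console" matches that one path only; "/console/**" also covers
            // the pages and resources the console requests beneath it.
            http.authorizeRequests().antMatchers("/console/**").permitAll();

            // The console renders in frames served from the same origin, so
            // SAMEORIGIN is enough; X-Frame-Options need not be dropped.
            http.headers().frameOptions().sameOrigin();
        }

        // Must follow the permitAll() rules: the first matching rule wins.
        http.authorizeRequests().anyRequest().fullyAuthenticated();

        // Kept from the question: the API is not called from a browser.
        http.csrf().disable();
    }
}
```

Outside the `dev` profile the console path falls through to `fullyAuthenticated()` and the default frame-options header stays in place.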