Java – disable spring security authentication in specific methods

2020-08-06 • Java

I use spring security 4.0 on my application I have a registration page in my application and I want to exclude this page from checking authentication

My security configuration:

http.antMatcher("/test")
            .httpBasic()
            .and()
            .authorizeRequests()
            .antMatchers("/index.html","/login.html","/","/scripts/**","/bower_components/**","/styles/**","/views/**","/login","/api/user/*").permitAll().anyRequest()
            .authenticated().and().logout().logoutUrl("/api/logout").and()
            .csrf().csrfTokenRepository(csrfTokenRepository()).and()
            .addFilterAfter(csrfHeaderFilter(),CsrfFilter.class);

My controller method:

@RequestMapping(method = RequestMethod.POST,value = "/registration")
public ResponseEntity<RestUser> registration(
        @RequestBody RestUser restuser,Principal p) throws Exception {

}

Solution

Add the registration URL to permit all in the configuration I have added / registered to your spring security configuration

http.antMatcher("/test")
            .httpBasic()
            .and()
            .authorizeRequests()
            .antMatchers("/index.html","/api/user/**","/registration").permitAll().anyRequest()
            .authenticated().and().logout().logoutUrl("/api/logout").and()
            .csrf().csrfTokenRepository(csrfTokenRepository()).and()
            .addFilterAfter(csrfHeaderFilter(),CsrfFilter.class);

to update

Please change / API / user / * to / API / user / * * It should work

The content of this article comes from the network collection of netizens. It is used as a learning reference. The copyright belongs to the original author.

THE END

Java

二维码

Java – where to restore the user’s purchase within the application?

< <上一篇

Java – why does this nested ArrayList code throw an exception?

下一篇>>

搜索内容

Java – disable spring security authentication in specific methods

Solution

热门文章