user1555190
Reputation: 3239
How to exclude controller from spring security?
I have set up spring security which works fine, however in one of my controllers i dont want to have the request wrapped up in a securityContextHolderAwareRequestWrapper...
how can i exclude the controller from spring security?
I have tried adding the following:
<security:intercept-url pattern="/nonsecureMenu**" filters="none" />
but it still does not work?
Upvotes: 2
Views: 6283
Answers (1)
Grzegorz Rożniecki
Reputation: 28045
Comments are getting too long, so I write here what should you do.
Just as @reagten suggests, use this (and also add / in the beginning of path):
<http pattern="/nonsecureMenu**" security="none" />
declaring separate <http> element just for this path, i.e. you'll have more than one <http> element:
<http pattern="/resources/**" security="none" />
<http pattern="/nonsecureMenu**" security="none" />
<!-- plus for your actual config, for example: -->
<http auto-config='true'>
<intercept-url pattern="/**" access="ROLE_USER" />
<form-login login-page='/login'/>
</http>
Upvotes: 7
Related Questions
- Spring MVC controller ignored
- How to enable Java Spring security only on paths defined in certain controller?
- Spring Security: Deny access to controller methods, if @PreAuthorize annotation is missing
- Controller exclusion does not work
- Any ways to hide j_spring_security_check
- How to skip spring authentication for specific method of controller
- Spring MVC controller inheritance with spring security
- How to override security access in Spring?
- Securing @Controller inconsistency
- Exclude Spring MVC Controller from Spring Security