Reputation: 41909
Bypass Spring Security Filter for URL
I modified my applicationContext-security-preauth.xml with the goal of removing filters from a particular URL.
I'm having trouble with the spring-security-oauth filter, so I want to temporarily avoid using this filter for particular requests.
<intercept-url pattern="/notsecure/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
After building and copying the new JAR, and then refreshing Tomcat, my /notsecure/ HTTP requests still hit this filter, according to my logs.
I would not have expected for any filter to be hit given my configuration change.
EDIT: I'm using Spring Security 2
Upvotes: 3
Views: 5382
Answers (1)
Reputation: 17518
If you want to avoid hitting any filters for that URL you will need an additional <http> element like this:
<security:http pattern="/notsecure/**" security="none"/>
(This will work only with Spring Security 3.1+)
IS_AUTHENTICATED_ANONYMOUSLY requires that the request is anonymously authenticated which is done by a filter (namely the AnonymousAuthenticationFilter).
Upvotes: 3
Related Questions
- How to disable spring security for particular url
- Spring Security bypass URL or Filter
- Spring Security exclude URL on custom filter
- Do not call Spring Security pre-authentication filter for specific URL and HTTP method
- Spring: Check in code if url has security set to none
- Spring security authentication filter url ignored
- Intercept url in spring security
- spring security intercept-url access
- Modify spring security intercept URL dynamically
- spring security filter chain url pattern matching