Reputation: 5186

spring security http antMatcher with multiple paths

I have the following spring security java config rule (with version 3.2.4) which works:

http.antMatcher("/lti1p/**")
    .addFilterBefore(ltioAuthProviderProcessingFilter, UsernamePasswordAuthenticationFilter.class)
    .authorizeRequests().anyRequest().hasRole("LTI")
    .and().csrf().disable();

However, I would like to apply this rule to 2 paths ("/lti1p/" and ("/lti2p/"). I can't just replace antMatcher with antMatchers (HttpSecurity object doesn't allow it) and when I try something like this it doesn't apply the rule correctly anymore.

http
    .addFilterBefore(ltioAuthProviderProcessingFilter, UsernamePasswordAuthenticationFilter.class)
    .authorizeRequests()
    .antMatchers("/lti1p/**","/lti2p/**").hasRole("LTI")
    .and().csrf().disable();

I have tried a number of variants of this without any luck. Does anyone know the correct way to apply this rule using java config to multiple paths?

Upvotes: 48

Answers (3)

trueindian

Reputation: 1

try following :

 .antMatchers("/admin/**").hasRole("admin")
            .antMatchers("/superadmin/**").hasRole("superadmin")
            .antMatchers("/billingmanager/**").hasAnyRole ( "billingmanager","admin")
            .antMatchers("/salesman/**").hasAnyRole ( "billingmanager","admin" ,"salesman")
            .antMatchers("/getjwttoken", "/healthcheck/**", "/registerultimateuser", "/test").permitAll()

Upvotes: -1

Andrei Stefan

Reputation: 52368

Try the following approach:

http 
  .requestMatchers()
       .antMatchers("/lti1p/**","/lti2p/**")
       .and()
  .addFilterBefore(ltioAuthProviderProcessingFilter, UsernamePasswordAuthenticationFilter.class)
  .authorizeRequests().anyRequest().hasRole("LTI")
  .and().csrf().disable();

Upvotes: 83

gerrytan

Reputation: 41123

Try:

.antMatchers("/lti1p/**").hasRole("LTI")
.antMatchers("/lti2p/**").hasRole("LTI")

Upvotes: -2

spring security http antMatcher with multiple paths

Answers (3)

Related Questions