Reputation: 35
I`ve tried to config Spring Security.
This is my sucurity config.
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http.authorizeRequests()
.antMatchers("/api/**", "/denied**").permitAll()
.anyRequest().denyAll()
.and()
.exceptionHandling().accessDeniedPage("/denied")
.and()
.csrf().disable();
// @formatter:on
}
When I access url "localhost:8080/admin", I expect "/denied" page. But it shows default 403 page provided spring security. Is there any problem my configuration?
Upvotes: 0
Views: 374
Reputation: 1671
Update:
Change .anyRequest().denyAll()
to .anyRequest().authenticated()
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http.authorizeRequests()
.antMatchers("/api/**", "/denied**").permitAll()
.anyRequest().authenticated()
.and()
.exceptionHandling().accessDeniedPage("/denied")
.and()
.csrf().disable();
// @formatter:on
}
If u need to use requiresSecure()
, just add .requiresChannel().anyRequest().requiresSecure().and()
after .and()
Upvotes: 1