배대현
배대현

Reputation: 35

questions for spring security config

I`ve tried to config Spring Security.

This is my sucurity config.

@Override
protected void configure(HttpSecurity http) throws Exception {
    // @formatter:off
        http.authorizeRequests()
            .antMatchers("/api/**", "/denied**").permitAll()                
            .anyRequest().denyAll()
            .and()
            .exceptionHandling().accessDeniedPage("/denied")
            .and()
            .csrf().disable();
    // @formatter:on
}

When I access url "localhost:8080/admin", I expect "/denied" page. But it shows default 403 page provided spring security. Is there any problem my configuration?

Upvotes: 0

Views: 374

Answers (1)

FreezY
FreezY

Reputation: 1671

Update: Change .anyRequest().denyAll() to .anyRequest().authenticated()

@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
    http.authorizeRequests()
        .antMatchers("/api/**", "/denied**").permitAll()                
        .anyRequest().authenticated()
        .and()
        .exceptionHandling().accessDeniedPage("/denied")
        .and()
        .csrf().disable();
// @formatter:on
}

If u need to use requiresSecure(), just add .requiresChannel().anyRequest().requiresSecure().and() after .and()

Upvotes: 1

Related Questions