배대현
Reputation: 35
questions for spring security config
I`ve tried to config Spring Security.
This is my sucurity config.
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http.authorizeRequests()
.antMatchers("/api/**", "/denied**").permitAll()
.anyRequest().denyAll()
.and()
.exceptionHandling().accessDeniedPage("/denied")
.and()
.csrf().disable();
// @formatter:on
}
When I access url "localhost:8080/admin", I expect "/denied" page. But it shows default 403 page provided spring security. Is there any problem my configuration?
Upvotes: 0
Views: 374
Answers (1)
FreezY
Reputation: 1671
Update:
Change .anyRequest().denyAll() to .anyRequest().authenticated()
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http.authorizeRequests()
.antMatchers("/api/**", "/denied**").permitAll()
.anyRequest().authenticated()
.and()
.exceptionHandling().accessDeniedPage("/denied")
.and()
.csrf().disable();
// @formatter:on
}
If u need to use requiresSecure(), just add .requiresChannel().anyRequest().requiresSecure().and() after .and()
Upvotes: 1
Related Questions
- What's the difference between @Component, @Repository & @Service annotations in Spring?
- Security configuration with Spring-boot
- Spring boot security consider case insensitive username check for login
- Spring Security OAuth2 SSO with Custom provider + logout
- Access Denied Spring Security with javaconfig
- Spring boot actuator secure services does not work fine