amitection
Reputation: 2923
Remove Auth Filter on one of the Web API's in spring-boot
My project has 2 API's. 1st requires Authentication and the 2nd one does not.
I was successfully able to added a Token Based Auth Filter for the first API /auth/uploadFile
Here is the code snippet from the SecurityConfig class which extends WebSecurityConfigurerAdapter.
@Override
protected void configure(HttpSecurity http) throws Exception {
http.addFilterBefore(tokenAuthenticationFilter, BasicAuthenticationFilter.class).authorizeRequests()
.antMatchers("/auth/uploadFile/").permitAll().anyRequest()
.authenticated().and().csrf().disable();
}
I haven't added my second API /noauth/uploadFile to the antMatchers() but it still enters the custom tokenAuthenticationFilter when I make a POST call to it.
How can I avoid entering my custom filter tokenAuthenticationFilter when I make a call to my second API /noauth/uploadFile i.e my filter should not be applied on the second API?
Upvotes: 0
Views: 994
Answers (1)
Sangram Jadhav
Reputation: 2478
You can override/add below method in SecurityConfig class.
public void configure(WebSecurity web) throws Exception {
web
.ignoring()
.antMatchers("/noauth/**");
}
Upvotes: 2
Related Questions
- Spring Security with Spring Boot: Allowing unauthenticated user access on specific endpoints when using a filter
- Spring Boot 2.0: how to disable security for a particular endpoint
- Spring Boot - Custom Authentication Filter without using the WebSecurityConfigurerAdapter
- Ignore authorization for some endpoints in Spring Boot
- How to disable Spring Boot Authentication control for a particular Rest Controller
- How can I disable authentication for a specific endpoint?
- Exclude authentication to pass by filter In spring security
- How to add filter after the HTTP BasicAuthenticationFilter when using @EnableAuthorizationServer
- Spring Security OAuth2 disable BasicAuthenticationFilter from default filter chain
- Do not call Spring Security pre-authentication filter for specific URL and HTTP method