alexanoid
Reputation: 25770
Spring Security configuration based on different http methods
In my Spring Boot application I have configured following OAuth2 ResourceServer:
@Override
public void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.antMatcher("/api/**").authorizeRequests()
.antMatchers("/api/v1.0/users").permitAll()
.anyRequest().authenticated()
.and()
.csrf().disable()
.sessionManagement().sessionCreationPolicy(STATELESS);
// @formatter:on
}
In my REST API UserController I have two different request handler methods - for POST and for GET http methods. Right now both of them in the configuration above are public.
I'd like to secure POST method and make a GET as public even for anonymous users
How the configuration above can be changed in order to support this ?
Upvotes: 0
Views: 75
Answers (1)
JEY
Reputation: 7123
Just add the method in the matcher
antMatchers(HttpMethod.POST, "/api/v1.0/users")
Upvotes: 1
Related Questions
- http security config for tls and Oauth2 in the same method
- how to use multiple <http> configurations
- Custom http security configuration along with OAuth2 resource server
- Spring Security - Further Restricting Methods
- Spring Security oauth and turn off security for some urls but keep basic auth activated
- Differents authentication ways on same URLs with spring-boot
- How can I create two http security configurations with java based config?
- spring security - mutiple authentications for differnt URL patterns
- OAuth2 with spring-security - limit REST access by HTTP method
- Different authentication method for different urls