Jonas
Reputation: 65
Spring Security HTTPS
I have the problem, that Spring Security is redirecting me to much. So the browser can't build up the side. Whats wrong with my code?
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/resources/**").permitAll()
.and()
.authorizeRequests()
.anyRequest()
.fullyAuthenticated()
.and()
.authorizeRequests()
.antMatchers("/login").permitAll()
.and()
.formLogin()
.and()
.httpBasic()
.and()
.requiresChannel()
.anyRequest()
.requiresSecure()
.and()
.csrf().disable();
}
I thought, that the user would be able to access to "localhost:8585/login", because of the .antMatchers("/login").permitAll() ?
Upvotes: 2
Views: 543
Answers (1)
kuhajeyan
Reputation: 11017
order matters here
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/resources/**").permitAll()
.antMatchers("/login*").anonymous()
.anyRequest().authenticated()
.and()
.formLogin().loginPage("/login")
.and()
.logout().logoutSuccessUrl("/login.html")
.and()
.httpBasic()
.and()
.requiresChannel()
.anyRequest()
.requiresSecure()
.and()
.csrf().disable();
}
Upvotes: 2
Related Questions
- How to configure HttpSecurity for this situation (Spring Boot)
- Authentication with Spring Security
- HttpSecurity Spring Boot configuration
- Configure Http security
- Spring Security HTTP Basic Authentication
- Spring Security Authorization
- HTTPS - spring web security - how to make server secure
- Securing a https connection
- Spring security authenticaton
- Require authentication through https with spring security?