CODEWITHSUNDEEP
springspring-bootspring-security
sunny arya
sunny arya

Reputation: 213

How to disable spring security for certain resource paths

I am implementing spring security in a spring boot application to perform JWT validation where I have a filter and an AuthenticationManager and an AuthenticationProvider. What I want to do is that I want to disable security for certain resource paths (make them unsecure basically).

What I have tried in my securityConfig class (that extends from WebSecuirtyConfigurerAdapater) is below:

protected void configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.addFilterBefore(buildJwtTokenAuthenticationProcessingFilter(),
                UsernamePasswordAuthenticationFilter.class);
        httpSecurity.authorizeRequests().antMatchers("/**").permitAll();
        httpSecurity.csrf().disable();
        httpSecurity.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    }

What I am trying to do right now is that I want to make all my resource paths to be un-secure,

but the above code doesn't work and my authenticate method in my CustomAuthenticationProvider (that extends from AuthenticationProvider) get executed every time

Authentication piece gets executed irrespective of using permitAll on every request. I have tried anyRequest too in place of antMatchers:

httpSecurity.authorizeRequests().anyRequest().permitAll();

Any help would be appreciated.

Upvotes: 2

Views: 5257

Answers (2)

max
max

Reputation: 348

Override the following method in your class which extends WebSecuirtyConfigurerAdapater:

@Override
public void configure(WebSecurity web) throws Exception {
    web.ignoring().antMatchers("/unsecurePage");
}

Upvotes: 3

Automator1992
Automator1992

Reputation: 118

try updating your code in order to allow requests for specific paths as below 

protected void configure(HttpSecurity httpSecurity) throws Exception {

httpSecurity.addFilterBefore(buildJwtTokenAuthenticationProcessingFilter(),
                UsernamePasswordAuthenticationFilter.class);
        httpSecurity.authorizeRequests().antMatchers("/").permitAll().and()
            .authorizeRequests().antMatchers("/exemptedPaths/").permitAll();

httpSecurity.csrf().disable(); 
 httpSecurity.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

}

Upvotes: 2

Related Questions