Tiago Costa
Reputation: 1016
how to secure only one url with spring security and permit all
Im trying to configure Spring security to block only request to swagger, however it is blocking all urls. Does anyone know how to only lock the swagger's url and leave all the rest not secured?
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable()
.authorizeRequests().anyRequest().permitAll()
.and()
.authorizeRequests()
.antMatchers("/swagger*/**").authenticated();
http.httpBasic();
}
Upvotes: 5
Views: 6831
Answers (2)
karen
Reputation: 943
Try the following:
http.authorizeRequests()
.antMatchers("/swagger*/**").authenticated()
.anyRequest().permitAll()
.and()
.csrf().disable();
This should only authenticate swagger but permit the rest of the requests.
Upvotes: 12
gtosto
Reputation: 1341
Is this what you intent ?
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable()
.authorizeRequests()
.antMatchers("/swagger*/**").authenticated()
.anyRequest().permitAll();
http.httpBasic();
}
Upvotes: -1
Related Questions
- How to disable spring security for particular url
- Allow all URLs but one in Spring security
- Spring Security - How do I block access to any url except a few listed by role?
- How to secure some URLS while keeping others without authentication?
- Spring Security authorization for certain URL and deny all others
- Spring Webflux Security Allow All But One Url
- Spring Security disable security for requests made FROM a certain url
- How to allow request from a certain url with spring security
- How to force https on certain URL only on Spring Security?
- secure two or more /** url in spring security