Reputation: 438
How to allow request from a certain url with spring security
I'm developing a simple project in order to learn something about spring.
I've created the login page and all the authentication management, now I'm trying to build the registration page, I've done both backend and frontend side but I have a problem.
The button 'Save' send a post request with path user/signup but it fails, the network console says 302, I think that it is a security problem because if I authenticate and then I try to register a user the request is successfull. So maybe I need to say to spring security that the registration request must be available for all user, also for the unauthenticated ones. I put the path user/signup in spring boot but it doesn't works, I also tried using only /signup
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/script/**", "/css/**", "/getRegisterPage","user/signup");
}
This is the project: https://github.com/StefanoPisano/expenses (branch 0.2)
Upvotes: 3
Views: 9664
Answers (2)
Reputation: 2575
This
web.ignoring().antMatchers("/script/**", "/css/**", "/getRegisterPage","/user/signup");
will ignore all request with these pattern.
What you need is:
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/resources/**", "/user/signup").permitAll()
.anyRequest().fullyAuthenticated()
.and()
.formLogin()
.loginPage("/getLoginPage")
.loginProcessingUrl("/login")
.usernameParameter("username")
.passwordParameter("password")
.defaultSuccessUrl("/home", true)
.permitAll();
http
.csrf().disable();
}
permitAll() - Allow anyone (including unauthenticated users) to access to the URL. Check this for more information https://docs.spring.io/spring-security/site/docs/current/reference/html/jc.html
Upvotes: 2
Reputation: 1463
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/script/**", "/css/**", "/getRegisterPage","/user/signup").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/getLoginPage")
.loginProcessingUrl("/login")
.usernameParameter("username")
.passwordParameter("password")
.defaultSuccessUrl("/home", true)
.permitAll();
}
Upvotes: 2
Related Questions
- How to disable spring security for particular url
- How to allow all and any requests with Spring Security?
- Allow all URLs but one in Spring security
- URL access denying when implementing the Spring Security for URL authentication
- Spring Security authorization for certain URL and deny all others
- Spring Security disable security for requests made FROM a certain url
- how to solve Spring Security can access url without login
- Spring WebSecurity allow access from url
- spring-boot restricted url
- Spring security :Accept request from specific domain only