Reputation: 7186
In my Spring Boot application, user images are saved in the file system, and I added the path in resource handlers as
registry.addResourceHandler("/uploads/**").addResourceLocations("file:/home/imgs/profiles/");
I have added JWT security for some of the REST services along with /uploads/**
as .antMatchers("/uploads/**").permitAll().anyRequest().authenticated()
but this /uploads/**
is not being checked for security. It is accepting requests from Postman without an auth token.
The path to the resource is as follows:
http://localhost:8080/myapp/uploads/1302caa0-570d-46ed-ae69-372b48c58a3a/74b780b573f149709776e800a659c83e.jpg
How can I configure security for this dynamic resource?
Upvotes: 0
Views: 237
Reputation: 684
According to your configuration, you have permitted access to all for user images.
If you want to restrict access to only authenticated users, you can just use the following configuration:
.anyRequest().authenticated()
If you want more granular control over image security, you can use the following configuration (for example):
.antMatchers("/uploads/**")
.hasRole("IMAGE_USER_ROLE")
.anyRequest()
.authenticated()
Upvotes: 1
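The configuration from the answer in context, as an added example that is not code from the question or the answer. It assumes Spring Security 5.x (where `antMatchers` and `WebSecurityConfigurerAdapter` are available); the class names and the `/auth/**` login path are hypothetical.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

// Hypothetical class name. Serves files from disk exactly as in the question.
@Configuration
class UploadResourceConfig implements WebMvcConfigurer {
    @Override
    public void addResourceHandlers(ResourceHandlerRegistry registry) {
        registry.addResourceHandler("/uploads/**")
                .addResourceLocations("file:/home/imgs/profiles/");
    }
}

// Hypothetical class name. Authorization rules for the same URL space.
@Configuration
@EnableWebSecurity
public class UploadSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
            // Rules are evaluated top to bottom and the first match wins,
            // so specific patterns must come before anyRequest().

            // Hypothetical public endpoint (e.g. login that issues the JWT).
            .antMatchers("/auth/**").permitAll()

            // Before (question): .antMatchers("/uploads/**").permitAll()
            // permitAll() lets requests through with no token at all.
            // After (answer): require a role. hasRole() adds the "ROLE_"
            // prefix, so the token's authorities must contain
            // "ROLE_IMAGE_USER_ROLE".
            .antMatchers("/uploads/**").hasRole("IMAGE_USER_ROLE")

            // Everything else only needs a valid, authenticated token.
            .anyRequest().authenticated();

        // The application's existing JWT filter still has to be registered
        // on this chain (for example with http.addFilterBefore(...)) so that
        // requests to /uploads/** carry an Authentication to check.
    }
}
```

Patterns are matched relative to the servlet context path, so `/uploads/**` covers `http://localhost:8080/myapp/uploads/...` without including `/myapp` in the matcher.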