CODEWITHSUNDEEP
javaspringspring-security
JhonArias
JhonArias

Reputation: 127

How to add matchers to HttpSecurity spring web secure

I try to implement spring security, but I have many roles and privileges, then I want to add the roles dynamically to each other resources. Like it:

@Override
protected void configure(HttpSecurity http) throws Exception {
    super.configure(http);


    //PageRequest p = new PageRequest(0, 1000);

    List<RolePrivilegeConfig> rolePrivilegesConfig=rolePrivilegeConfigService.findAll();

    for (RolePrivilegeConfig rolePrivilegeConfig : rolePrivilegesConfig) {

        http.authorizeRequests()
        .antMatchers("/login").permitAll()
        .antMatchers(rolePrivilegeConfig.getResource())
        .access(rolePrivilegeConfig.getRoleName())
        .anyRequest().authenticated();               
    } }

I have this error:

Failed to instantiate [javax.servlet.Filter]: Factory method 'springSecurityFilterChain' threw exception; nested exception is java.lang.IllegalStateException: Can't configure antMatchers after anyRequest.

How can I put all matchers and call request after?

Upvotes: 4

Views: 4616

Answers (1)

Selindek
Selindek

Reputation: 3423

@Override
protected void configure(HttpSecurity http) throws Exception {
    super.configure(http);


    //PageRequest p = new PageRequest(0, 1000);

    List<RolePrivilegeConfig> rolePrivilegesConfig=rolePrivilegeConfigService.findAll();

    http.authorizeRequests()
        .antMatchers("/login").permitAll();

    for (RolePrivilegeConfig rolePrivilegeConfig : rolePrivilegesConfig) {

        http.authorizeRequests()
        .antMatchers(rolePrivilegeConfig.getResource())
        .access(rolePrivilegeConfig.getRoleName());
    }

    http.authorizeRequests()
        .anyRequest().authenticated();
}

Upvotes: 4

Related Questions