Reputation: 188
Spring Security: what do authorizeRequests(), anyRequest() and authenticated() do?
In the below code what do the different chained methods do?
protected void configure(HttpSecurity http ) throws Exception {
http.authorizeRequests()
.antMatchers(PUBLIC_URL).permitAll()
.anyRequest().authenticated();
}
NOTE: PUBLIC_URL is an array of strings containing public URLs.
Upvotes: 8
Views: 12135
Answers (2)
Reputation: 13747
authorizeRequests()Allows restricting access based upon theHttpServletRequestusingRequestMatcherimplementations.permitAll()This will allow the public access that is anyone can access endpoint PUBLIC_URL without authentication.anyRequest().authenticated()will restrict the access for any other endpoint other than PUBLIC_URL, and the user must be authenticated.
We can also configure access based on authorities, can manage the sessions, HTTPS channel and much more. You may find more details from configure(HttpSecurity http).
Upvotes: 12
Reputation: 517
It means that all requests must be authenticated except those matching PUBLIC_URL
Upvotes: 1
Related Questions
- Spring Security - Authrozation on rest apis
- What does the authorizeRequests in Spring Security do?
- Basic REST Authentication in Spring Boot
- Spring Security - Authenticating with Authorization Header
- Difference between httpBasic() and authorizeRequest()
- Spring requestMatchers, antMatchers and authorizeRequests usage
- Authentication and authorization in Spring Data REST
- Spring security requests authorization
- Spring Security : Testing & understanding REST authentication
- Looking for additional explanation for spring security setup