ChunGeun Yu
ChunGeun Yu

Reputation: 23

How to authenticate some URL and ignore anything else

I want to manage security policy like below. ( HTTP Basic Authorization)

  1. Apply authentication following URLs. "/foo/", "/bar/"

  2. Ignore anything else URLs. ( Even though requests have Authorization field in header)

I know permitall(). But permitall() is not suitable because it apply security policy when request has Authorization field in headers.

Upvotes: 1

Views: 262

Answers (1)

Vikram Shekhawat
Vikram Shekhawat

Reputation: 697

If you want ignore particular url then you need to implement this method.

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    public void configure(final WebSecurity web) throws Exception {
        web.ignoring()
           .antMatchers("/static/**");
    }
}

You can put your url in place of /static/** in which you want no authentication apply.

Your example means that Spring (Web) Security is ignoring URL patterns that match the expression you have defined ("/static/**"). This URL is skipped by Spring Security, therefore not secured.

Read the Spring Security reference for more details: Click here for spring security details

Upvotes: 1

Related Questions