Reputation: 23
I want to manage security policy like below. ( HTTP Basic Authorization)
Apply authentication following URLs. "/foo/", "/bar/"
Ignore anything else URLs. ( Even though requests have Authorization field in header)
I know permitall(). But permitall() is not suitable because it apply security policy when request has Authorization field in headers.
Upvotes: 1
Views: 262
Reputation: 697
If you want ignore particular url then you need to implement this method.
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
public void configure(final WebSecurity web) throws Exception {
web.ignoring()
.antMatchers("/static/**");
}
}
You can put your url in place of /static/** in which you want no authentication apply.
Your example means that Spring (Web) Security is ignoring URL patterns that match the expression you have defined ("/static/**"). This URL is skipped by Spring Security, therefore not secured.
Read the Spring Security reference for more details: Click here for spring security details
Upvotes: 1