Reputation: 23
How to authenticate some URL and ignore anything else
I want to manage security policy like below. ( HTTP Basic Authorization)
Apply authentication following URLs. "/foo/", "/bar/"
Ignore anything else URLs. ( Even though requests have Authorization field in header)
I know permitall(). But permitall() is not suitable because it apply security policy when request has Authorization field in headers.
Upvotes: 1
Views: 262
Answers (1)
Reputation: 697
If you want ignore particular url then you need to implement this method.
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
public void configure(final WebSecurity web) throws Exception {
web.ignoring()
.antMatchers("/static/**");
}
}
You can put your url in place of /static/** in which you want no authentication apply.
Your example means that Spring (Web) Security is ignoring URL patterns that match the expression you have defined ("/static/**"). This URL is skipped by Spring Security, therefore not secured.
Read the Spring Security reference for more details: Click here for spring security details
Upvotes: 1
Related Questions
- How to secure some URLS while keeping others without authentication?
- Spring Security authorization for certain URL and deny all others
- Disable Basic Authentication for a specific URL Spring
- Do not call Spring Security pre-authentication filter for specific URL and HTTP method
- Spring Security oauth and turn off security for some urls but keep basic auth activated
- Allow Specific URL patterns to bypass Spring Security Login
- spring security - mutiple authentications for differnt URL patterns
- PreAuthentication with Spring Security -> Based on URL parameters
- Spring Security: Ignore login page by using a special URL parameter
- User login validation for any url using spring security