Oolong
Reputation: 27
Spring security: Is there a way to secure one endpoint in two filter chains?
I have two types of users: say, admins and users. Users are authenticated by http basic, and admins are authenticated by jwt. So, I have such configurations in two @Configuration:
http.cors().and.csrf().disable().and().antMatcher("**/user/**")
.httpBasic();
and
http.cors().and().csrf().disable()
.antMatcher("**/admin/**")
.authorizeRequests(authorize -> authorize
.anyRequest().authenticated())
.and()
.oauth2ResourceServer().jwt();
But I have some endpoints (say, /data), which are need to be accessible(secured!) by users and administrators both. Is there a way to configure something like this, or do I need to divide /data endpoints?
Upvotes: 0
Views: 502
Answers (1)
Vishal
Reputation: 166
You can configure filters for specific endpoints as well. You can write custom code in those filters and handle any custom logic. Other option would be to use AOP on api function itself and do custom handling there.
Upvotes: 1
Related Questions
- Spring custom filters one after each other in the filter chain
- Spring Security with Spring Boot: Allowing unauthenticated user access on specific endpoints when using a filter
- How to have different filters for different request paths on spring security?
- How to apply Spring Security filter only on secured endpoints?
- Use Spring Security Filter to lock down everything except a few routes
- spring security architecture filter chain and request matcher
- Spring Security add filter to all Endpoint EXCEPT one
- Spring Custom filter chain
- Spring Security - Different Filter Entry Points based on Role
- Can you create several "springSecurityFilterChain" with <http>?