Jucaalpa
Reputation: 310
How to check for authenticated() or hasIpAddress for the same antMatcher()?
I am trying to configure Sprint Security to check if the user is authenticated or if the request comes from a specific IP subnet.
I wrote the following code that is not working as expected:
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers(HttpMethod.valueOf("POST"), "/api/something").authenticated();
http.authorizeRequests().antMatchers(HttpMethod.valueOf("POST"), "/api/something").hasIpAddress("172.17.0.0/24");
}
Each configuration works individually, but I don't know how to put them together using an OR operator.
The problem is that the second configuration overrides the first one.
Is there a way to achieve this?
Thank you
Upvotes: 0
Views: 561
Answers (1)
Related Questions
- Spring security multiple hasIPAddress antMatchers
- How to check if user is logged in or anonymous in Spring Security
- How to create conditional AuthenticationProvider in Spring-Security?
- Conditional auth-provider in auth-manager
- spring security authentication using ip address and username password
- Ip authentication in Spring Security
- How can authenticate user by only ip address in spring security?
- In Spring Security how to handle NOT hasAuthority
- Spring Security two authenticationSuccessHandler
- Spring Security hasIpAddress issue