How to configure web security in spring security to allow some url to access?

Question

How to configure WebSecurity in java based to allow some urls to be accessed. i tried as below

@Override
  protected void configure(HttpSecurity http) throws Exception {
    http
      .authorizeUrls()
        .antMatchers("/rest/**").permitAll().antMatchers("/admin/**").hasRole("ADMIN");            
  }

Here on above i want to allow "/rest/" **to all (it means this url should not be under security) and "/admin/**" should be secured and have authority of Admin. FYI i am using this with Spring oauth too so "/oauth/token" also should be accessible to all.

Júlio Dias · Accepted Answer · 2016-05-18T19:31:22.313

0

Try this to make all urls that you need open by admin scope:

http.authorizeRequests()
        .antMatchers("/admin/**").access("hasRole('ADMIN')")

I think you do not need to specify urls that are not have access permission in your configure method because they will be accessed normally.

edited May 18 '16 at 19:31

answered May 18 '16 at 19:25

Júlio Dias

92
6

@Dias what if i want `/admin/termsAndCondition` to be public? – Abdullah Khan Oct 15 '17 at 09:16

How to configure web security in spring security to allow some url to access?

1 Answers1