Spring Security configuration interceptor URL handle

Question

I have a problem with my Spring Boot application in security configuration. I want to apply basic authentication in a URL. My app's default URL is app/v1/items and my ap'sp secure URL is app/v1/secure/items.

With given configuration basic authentication is not working and I can get items from both URLs. I can not configure the antMatchers.

How can it handle it?

@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .authorizeRequests()
            .antMatchers("/**").permitAll()    
            .antMatchers("/secure").access("hasRole('USER')")
            .anyRequest().authenticated();
    http
        .httpBasic();
    http
        .csrf().disable();
}

score 0 · Accepted Answer · answered Jan 29 '17 at 22:17

0

try this code please.

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
    .antMatchers("/app/v1/items/**").permitAll()
    .antMatchers("/app/v1/secure/items/**").hasAuthority("USER")
    .anyRequest().authenticated();
    http.httpBasic();
    http.csrf().disable();

}

answered Jan 29 '17 at 22:17

SaRPaRDa

34
2
4

Yeap it is working but giving authrities in api/vi would be much nicer – boraer Jan 30 '17 at 07:44

Spring Security configuration interceptor URL handle

1 Answers1