I have spring security configuration which looks somehow like this:
@Override
public void configure(WebSecurity web) {
web.ignoring().regexMatchers(POST, "a regex pattern here");
}
It worked properly, means it allowed unauthenticated POST request to URLs matching the pattern.
Then I introduced a filter and added it in the next way.
@Override
protected void configure(HttpSecurity http) {
http
.addFilterAfter(
myFilter,
AbstractPreAuthenticatedProcessingFilter.class
)
...
}
Problem: Requests to the ignored url are still handled by the newly introduced filter.
The myFilter is an instance of a class extending OncePerRequestFilter.
Question: How to make filter ignore requests that declared to be ignored in WebSecurity?
