We have the following security configuration code:

    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.cors().and().csrf().disable().authorizeRequests().antMatchers("/api/**").anyRequest()
                .authenticated().and().exceptionHandling().accessDeniedPage("/").and()
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    }

We need to restrict the requests below (not all requests) in a Spring Boot application and allow them only from the given IP addresses (multiple IP addresses) in properties.

    GET /api/users
    POST /api/users
    GET /api/users/{userId}

Muralidhar

1 Answer

Try the configuration below:

    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.cors().and().csrf().disable().authorizeRequests()
                .antMatchers("/api/users/**").hasIpAddress("127.0.0.1")
                .and()
                .authorizeRequests()
                .anyRequest()
                .authenticated().and().exceptionHandling().accessDeniedPage("/").and()
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    }

GolamMazid Sajib
  • Thanks for your post; here we need to configure multiple IP addresses. – Muralidhar Jan 23 '20 at 10:18
  • I just tried it like below, and it seems to be working:

        @Override
        protected void configure(HttpSecurity httpSecurity) throws Exception {
            httpSecurity.cors().and().csrf().disable().authorizeRequests()
                    .antMatchers("/api/users/**").access("hasIpAddress('10.00.07.9') or hasIpAddress('10.00.00.60')")
                    .and()
                    .authorizeRequests()
                    .anyRequest()
                    .authenticated().and().exceptionHandling().accessDeniedPage("/").and()
                    .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        }

    – Muralidhar Jan 23 '20 at 12:50
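
The question asks for the allowed addresses to come from properties. The following is an added example, not code from the original posts: it builds the same `hasIpAddress(...) or hasIpAddress(...)` expression from a comma-separated property and validates each entry before it reaches the SpEL string. The property name `api.users.allowed-ips`, the class name `ApiSecurityConfig`, the helper `ipExpression` and the sample addresses are assumptions.

```java
import java.util.ArrayList;
import java.util.List;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.util.matcher.IpAddressMatcher;

@Configuration
public class ApiSecurityConfig extends WebSecurityConfigurerAdapter {

    // Hypothetical property, comma-separated; constructed sample value:
    // api.users.allowed-ips=192.0.2.10,192.0.2.64/28
    @Value("${api.users.allowed-ips}")
    private String[] allowedIps;

    // Builds "hasIpAddress('a') or hasIpAddress('b')" from the configured entries.
    static String ipExpression(String[] ips) {
        List<String> clauses = new ArrayList<>();
        for (String raw : ips) {
            String ip = raw.trim();
            // Only address characters and an optional /prefix may reach the SpEL
            // string, so a property value cannot inject quotes or operators.
            if (!ip.matches("[0-9A-Fa-f:.]+(/\\d{1,3})?")) {
                throw new IllegalArgumentException("Not an IP address or CIDR block: " + ip);
            }
            new IpAddressMatcher(ip); // throws IllegalArgumentException if it cannot be parsed
            clauses.add("hasIpAddress('" + ip + "')");
        }
        if (clauses.isEmpty()) {
            // Fail at startup instead of handing access() an empty expression.
            throw new IllegalStateException("api.users.allowed-ips lists no addresses");
        }
        return String.join(" or ", clauses);
    }

    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.cors().and().csrf().disable().authorizeRequests()
                .antMatchers("/api/users/**").access(ipExpression(allowedIps))
                .anyRequest().authenticated()
                .and().exceptionHandling().accessDeniedPage("/")
                .and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    }
}
```

`hasIpAddress` compares against `HttpServletRequest.getRemoteAddr()`, so behind a reverse proxy or load balancer it sees the proxy's address unless forwarded headers are resolved by a trusted component. As in the comment above, the expression admits `/api/users/**` on source address alone; wrap it as `isAuthenticated() and (...)` to keep the authentication requirement on those paths as well.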