
I need to secure all REST endpoints in our Resource Server except endpoints that start with /unsecured. So requests like the following should be permitted to everyone:

  • /unsecured/foo/bar
  • /unsecured
  • ...

but requests like these:

  • /foo/unsecured/bar
  • /foo/bar
  • ...

should require authentication.

@Configuration
@EnableResourceServer
public class OAuth2ResourceServerConfig extends ResourceServerConfigurerAdapter {

    @Override
    public void configure(HttpSecurity security) throws Exception {
        security
            .authorizeRequests(authorizeRequests -> {
                authorizeRequests.antMatchers("unsecured/**").permitAll();
                authorizeRequests.anyRequest().authenticated();
            });
    }
}

But in the configuration above, all endpoints require authentication.

This is the response I receive when I try to access an unsecured endpoint:

code 401

{
    "error": "unauthorized",
    "error_description": "Full authentication is required to access this resource"
}
Denis Stephanov

1 Answer


permitAll() is what you are looking for. Looks like you were just missing the / before the URL.

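import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;

@Configuration
@EnableResourceServer
public class OAuth2ResourceServerConfig extends ResourceServerConfigurerAdapter {
    @Override
    public void configure(HttpSecurity security) throws Exception {
        security
            .authorizeRequests(authorizeRequests -> {
                // The pattern starts with "/" so it matches the request path
                authorizeRequests.antMatchers("/unsecured/**").permitAll();
                // Everything else still requires authentication
                authorizeRequests.anyRequest().authenticated();
            });
    }
}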
Dylan
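
A check of both patterns against the paths listed in the question, as an added example that is not part of the original question or answer. It assumes spring-security-web, spring-test and the servlet API are on the classpath; the class name `UnsecuredPatternCheck` and the `/unsecuredfoo` path are constructed for illustration.

```java
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

import java.util.LinkedHashMap;
import java.util.Map;

public class UnsecuredPatternCheck {

    // antMatchers(...) builds an AntPathRequestMatcher, which reads the path
    // from servletPath (+ pathInfo), so the mock request sets servletPath.
    static boolean matches(String pattern, String path) {
        MockHttpServletRequest request = new MockHttpServletRequest("GET", path);
        request.setServletPath(path);
        return new AntPathRequestMatcher(pattern).matches(request);
    }

    public static void main(String[] args) {
        // Path -> should it be reachable without authentication?
        Map<String, Boolean> wanted = new LinkedHashMap<>();
        wanted.put("/unsecured", true);
        wanted.put("/unsecured/foo/bar", true);
        wanted.put("/foo/unsecured/bar", false);
        wanted.put("/foo/bar", false);
        wanted.put("/unsecuredfoo", false); // constructed edge case: shared prefix only

        for (String pattern : new String[] {"unsecured/**", "/unsecured/**"}) {
            System.out.println("pattern " + pattern);
            boolean ok = true;
            for (Map.Entry<String, Boolean> e : wanted.entrySet()) {
                boolean open = matches(pattern, e.getKey());
                ok &= (open == e.getValue());
                System.out.printf("  %-20s permitAll=%-5b wanted=%b%n",
                        e.getKey(), open, e.getValue());
            }
            System.out.println(ok
                    ? "  => pattern implements the intended policy"
                    : "  => pattern does NOT implement the intended policy");
        }
    }
}
```

The pattern without the leading slash matches none of the request paths, so every request falls through to `anyRequest().authenticated()`, which is the 401 shown in the question.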