Spring Security what's the difference between http.authorizeHttpRequests() and http.requestMatchers()

Question

What's the difference between these configurations:

@Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
    
    @Override
    protected void configure(HttpSecurity http) throws Exception {

        http.authorizeHttpRequests().anyRequest().authenticated();
    }
}

And

@Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
               
        http.requestMatchers().and().authorizeHttpRequests().anyRequest().authenticated();
    }
}

When should we use http.authorizeHttpRequests() or http.requestMatchers()

I am still confused! It is clear in the case where we specify extra rules after ` http.requestMatchers()` but it is not clear for the case defined in my question. I mean when we don't specify any specific url. — akuma8, Apr 27 '22 at 17:38
@akuma8 *I mean when we don't specify any specific url.* Then you can remove `.requestMatchers()`, because it makes no sense. It makes only sense if you have at least one better more than one URLs. — dur, Apr 27 '22 at 19:56
@dur As said in my last comment, I opened another question about Spring Security please see here: https://stackoverflow.com/questions/72085572/spring-security-why-specifying-full-paths-to-secure-when-we-have-a-base-path — akuma8, May 02 '22 at 10:46

Spring Security what's the difference between http.authorizeHttpRequests() and http.requestMatchers()

0 Answers0