antMatcher not working with antMatchers security config

Question

I am working on Spring Boot security config where I want one of the URL to be excluded from security filter.

URL format: URL/v1/btob/**.
To be excluded URL format: URL/v1/btob/icici/pay

Here's my configure method:

@Override
public void configure(HttpSecurity http) throws Exception {
     http
         .csrf().disable();
     http
         .sessionManagement()
             .sessionCreationPolicy(SessionCreationPolicy.STATELESS);

     http
         .antMatcher("/v1/btob/**")
         .httpBasic()
             .and()
         .csrf().disable()
         .sessionManagement()#
             .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
             .and()
         .cors()
             .and()
         .authorizeRequests()
             .antMatchers(HttpMethod.POST, "/icici/pay").permitAll()
             .anyRequest().authenticated()
             .and()
         .addFilterBefore(btoBFilter, UsernamePasswordAuthenticationFilter.class);
}

@Override
public void configure(WebSecurity web) {

    web
       .ignoring()
           .antMatchers(HttpMethod.POST, "/v1/btob/icici/pay");
}

I did this but still the excluded URL goes in the filter. How to fix this? I even tried ignoring the URL globally in 2nd configure method but no help.

I tried your configuration myself and it works as you would expect. 401's on urls starting with "/v1/btob/" but 200 ok on "/v1/btob/icici/pay" and other urls. Only difference is I don't have your filter. But as far as I can see this setup should work (and works on my machine)... — Willem, Aug 21 '22 at 13:40
*I did this but still the excluded URL goes in the filter.* Probably your filter is an exposed bean, see other question. Unfortunately you didn't post your custom filter, so I could'nt be sure. — dur, Aug 24 '22 at 20:22
Can you try removing the HtppMethod.POST from .ignoring().antMatchers() and pass only the route — anurag-dhamala, Aug 24 '22 at 20:24

antMatcher not working with antMatchers security config

0 Answers0