'Can't configure antMatchers after anyRequest (Multiple antMatcher)
I am trying to configure Spring Security and get this following error:
Caused by: java.lang.IllegalStateException: Can't configure antMatchers after anyRequest
This is my SecurityConfig class:
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter{
@Autowired
private UserDetailsService userDetailsService;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(encodePWD());
}
@Override
protected void configure(HttpSecurity http) throws Exception{
http
.csrf().disable();
http
.httpBasic()
.and()
.authorizeRequests()
.antMatchers("/rest/**").permitAll()
.anyRequest().authenticated()
.and()
.authorizeRequests()
.antMatchers("/secure/**").hasAnyRole("ADMIN")
.anyRequest().authenticated()
.and()
.formLogin()
.permitAll();
http
.authorizeRequests()
.antMatchers("/login").permitAll();
}
@Bean
public BCryptPasswordEncoder encodePWD(){
return new BCryptPasswordEncoder();
}
}
I already tried call httpSecurityauthorizeRequests().anyRequest().authenticated() as mentioned here,
still didn't work
...any suggestion would be helpfull.
Solution 1:[1]
It might help someone for same kind of Exception Here is my code:-
@Override
protected void configure(HttpSecurity http) throws Exception {
super.configure(http);
http.authorizeRequests()
.antMatchers("/**")
.hasAnyRole()
.and()
.formLogin();
}
I just removed the call to super class :- super.configure(http); It worked for me. Just remove that line.
Solution 2:[2]
protected void configure(HttpSecurity http) throws Exception {
http.csrf()
.disable()
.cors()
.disable()
.authorizeRequests()
.antMatchers("/login", "/user/createUser")
.permitAll()
.antMatchers(HttpMethod.OPTIONS)
.permitAll()
.anyRequest()
.authenticated()
.and().exceptionHandling()
.authenticationEntryPoint(unautorizeHandler)
.and().sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
http.addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
}
Solution 3:[3]
Authenticated should come last
httpSecurity.csrf().disable()
.cors()
.and().authorizeRequests()
.antMatchers("xyz").permitAll()
.antMatchers("abc")
.authenticated()
.and()
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED);
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | yosef girma |
| Solution 2 | Codemaker |
| Solution 3 | Ragunath14 |