'Spring security Apply authorization only for specific URI and permit all other URI with no auth
I am adding a new WebSecurityConfigurerAdapter and i want to apply a custom validation filter only for two specific URIs and for all others URIs i dont want to validate the authorization header. These two end points are called by another system and it passes Authorization header for validation. For all other end points, we use a different WebSecurityConfigurerAdapter. The issue is that, with below config, requests to all endpoints are going through the JwtTokenFilter. But i want only those two specific end points requests to go through JwtTokenFilter. Please help to figure out what us wrong
class JwtSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.cors().disable().csrf().disable()
.requestMatchers()
//apply the custom JwtTokenFilter only for the below two endpoints
.antMatchers(
"/api/endpoint1",
"/api/endpoint2")
.and()
.addFilterAfter(new JwtTokenFilter(), BasicAuthenticationFilter.class)
//For all other endpoints, do not apply above filter
.authorizeRequests().anyRequest().permitAll();
}
}
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|