'What does the authorizeRequests in Spring Security do?
I have been experimenting on having a multiple security config for different api endpoint as of the moment I have this configuration:
http
.antMatcher("/user/**")
.authorizeRequests()
.antMatchers("/user/document/**").permitAll()
.and()
.authorizeRequests()
.anyRequest().authenticated()
.and()
.httpBasic();
this configuration is working but I am also confused that when I tried to remove the second authorizeRequests() (See below). The configuration is also working.
http
.antMatcher("/user/**")
.authorizeRequests()
.antMatchers("/user/document/**").permitAll()
.anyRequest().authenticated()
.and()
.httpBasic();
What does this method do? And do I have to call it every time?
Solution 1:[1]
Quoting from the documentation:
Note that the matchers are considered in order.
In your configuration, /user/** gets the precedence over /user/document/**. So, in both of cases, the second antMatcher(...) is never applied.
Answering your second question (Do I need to call it every time?) - the answer is NO. Here is a sample configuration (again from the documentation):
http.authorizeRequests().antMatchers("/admin/**").hasRole("ADMIN")
.antMatchers("/**").hasRole("USER").and().formLogin();
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 |