What is this antMatchers(...) chain going to do?

I am working on a security issue and I have this (Java) code:

    http.authorizeRequests()
            .antMatchers("/xyz/**").permitAll()
            .antMatchers("/**").denyAll();

The idea is that this will allow all the requests to URL /xyz/... and deny all the other requests. Fortify complains about it, so is it a false positive or is it the correct way to do it?
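An added example, not part of the original question and not Spring Security's own code: it models the chain as an ordered rule list in which the first matching pattern decides, and compares the posted order with the reversed one. It assumes spring-core is on the classpath and uses its `AntPathMatcher` as an approximation of the pattern test; the class name, the `decide` helper and the sample paths are constructed for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import org.springframework.util.AntPathMatcher;

public class AntMatcherOrderDemo {

    // Simplified model: rules are checked in declaration order and the first
    // matching pattern decides. Servlet-path handling, HTTP methods and
    // authentication state are deliberately left out.
    static String decide(Map<String, String> rules, String path) {
        AntPathMatcher matcher = new AntPathMatcher();
        for (Map.Entry<String, String> rule : rules.entrySet()) {
            if (matcher.match(rule.getKey(), path)) {
                return rule.getValue();
            }
        }
        return "no rule matched";
    }

    public static void main(String[] args) {
        // Same order as the chain in the question.
        Map<String, String> asPosted = new LinkedHashMap<>();
        asPosted.put("/xyz/**", "permitAll");
        asPosted.put("/**", "denyAll");

        // Same two rules, catch-all declared first.
        Map<String, String> reversed = new LinkedHashMap<>();
        reversed.put("/**", "denyAll");
        reversed.put("/xyz/**", "permitAll");

        // Constructed sample paths, including a near miss ("/xyzzy").
        String[] paths = {"/xyz", "/xyz/report/1", "/xyzzy", "/admin", "/"};
        for (String p : paths) {
            System.out.printf("%-15s asPosted=%-10s reversed=%s%n",
                    p, decide(asPosted, p), decide(reversed, p));
        }
    }
}
```

With the catch-all `/**` declared first, the `/xyz/**` rule is never reached, which is why the specific pattern has to come before the general one.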



Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow
