Issue
I didn't find a satisfying answer for this issue.
I have a security configuration that has been working well until now.
I want to add one more POST URL that will be accessible to all.
While the other excluded URLs are working well, the extra one I added does not work.
My code:
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.cors()
            .and()
            .csrf().disable()
            .authorizeRequests()
            .antMatchers(HttpMethod.POST, "/ws/**").authenticated()
            .antMatchers(HttpMethod.DELETE, "/**").authenticated()
            .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
            .antMatchers(HttpMethod.GET, "/ws/getEvents").permitAll() // ---> While this is working
            .antMatchers(HttpMethod.POST, "/ws/persons/createNotificationsSubscriber*").permitAll() // --> this not working
            .anyRequest().authenticated()
            .and()
            .logout()
            .logoutSuccessUrl("http://localhost:3006/eventsMainView")
            .and()
            .csrf().disable()
            .httpBasic();
    }
Solution
The issue here is that
    .antMatchers(HttpMethod.POST, "/ws/**").authenticated()
says to authenticate all URLs that start with /ws for POST requests, but
    .antMatchers(HttpMethod.POST, "/ws/persons/createNotificationsSubscriber*").permitAll() // --> this not working
also starts with the same /ws and is a POST request, so Spring is not allowing it.
To make it work, please use this:
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.cors()
            .and()
            .csrf().disable()
            .authorizeRequests()
            .antMatchers(HttpMethod.POST, "/ws/persons/createNotificationsSubscriber*").permitAll() // --> This will work
            .antMatchers(HttpMethod.POST, "/ws/**").authenticated()
            .antMatchers(HttpMethod.DELETE, "/**").authenticated()
            .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
            .antMatchers(HttpMethod.GET, "/ws/getEvents").permitAll() // ---> While this is working
            .anyRequest().authenticated()
            .and()
            .logout()
            .logoutSuccessUrl("http://localhost:3006/eventsMainView")
            .and()
            .csrf().disable()
            .httpBasic();
    }
Answered By - Ayush
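
The ordering behaviour the answer describes, as an added example that is not from the original post or from Spring Security: a simplified first-match-wins model in plain Java that flags a rule whose sample path is decided by an earlier rule with a different access level. The Rule class, antToRegex, firstMatch, shadowed and the probe paths are assumptions made for this illustration, and the pattern translation covers only `*` and `**`.

```java
import java.util.*;
import java.util.regex.Pattern;
// Added illustration, not Spring Security code: a simplified first-match-wins model.
public class RuleOrderCheck {
    static final class Rule {
        final String method, pattern, access, probe; // probe: constructed sample path for the rule
        Rule(String m, String p, String a, String pr) { method = m; pattern = p; access = a; probe = pr; }
    }

    // Simplified Ant translation: "**" spans path segments, "*" stays inside one segment.
    static Pattern antToRegex(String ant) {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < ant.length(); i++) {
            boolean star = ant.charAt(i) == '*';
            if (star && ant.startsWith("**", i)) { sb.append(".*"); i++; }
            else if (star) sb.append("[^/]*");
            else sb.append(Pattern.quote(ant.substring(i, i + 1)));
        }
        return Pattern.compile(sb.toString());
    }

    // Index of the first rule that matches, or -1 (the request falls through to anyRequest()).
    static int firstMatch(List<Rule> rules, String method, String path) {
        for (int i = 0; i < rules.size(); i++) {
            Rule r = rules.get(i);
            if (r.method.equals(method) && antToRegex(r.pattern).matcher(path).matches()) return i;
        }
        return -1;
    }

    // Rules whose probe path is decided by an earlier rule with a different access level.
    static List<String> shadowed(List<Rule> rules) {
        List<String> out = new ArrayList<>();
        for (int i = 0; i < rules.size(); i++) {
            Rule r = rules.get(i);
            int hit = firstMatch(rules, r.method, r.probe);
            if (hit >= 0 && hit < i && !rules.get(hit).access.equals(r.access))
                out.add(r.pattern + " (" + r.access + ") is shadowed by " + rules.get(hit).pattern);
        }
        return out;
    }

    public static void main(String[] args) {
        Rule broad = new Rule("POST", "/ws/**", "authenticated", "/ws/persons/update");
        Rule open = new Rule("POST", "/ws/persons/createNotificationsSubscriber*", "permitAll",
                "/ws/persons/createNotificationsSubscriber");
        System.out.println("question order: " + shadowed(Arrays.asList(broad, open)));
        System.out.println("answer order:   " + shadowed(Arrays.asList(open, broad)));
    }
}
```

The same check also catches the opposite mistake, where a broad permitAll rule placed first silently overrides a narrower authenticated rule below it.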