Home > Back-end >  i want JWT filter for only specified url patterns (admin service urls) not for all urls in spring bo
i want JWT filter for only specified url patterns (admin service urls) not for all urls in spring bo

Time:10-31

i want filter endpoint urls starts with "/api/**" but customJwtAuthenticationFilter filter all url other.

@Override
public void configure(HttpSecurity http) throws Exception {
    http.csrf().disable()
            .authorizeRequests()
            .antMatchers("/users","/api/users").authenticated()
            .anyRequest().permitAll()
            .and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and().exceptionHandling().accessDeniedPage("/403").authenticationEntryPoint(jwtAuthenticationEntryPoint).and().
            formLogin()
            .loginPage("/login")
            .defaultSuccessUrl("/users")
            .failureUrl("/login?error=true")
            .permitAll()
            .and()
            .logout().logoutSuccessUrl("/").permitAll()
          .and().addFilterBefore(customJwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
}

Kindly help?

Thanks in Advance

CodePudding user response:

If you want to filter only url with path /api/**, you can extend your class CustomJwtAuthenticationFilter with class AbstractAuthenticationProcessingFilter. And you can skip url path with class RequestMatcher. For example.

class CustomJwtAuthenticationFilter extends AbstractAuthenticationProcessingFilter{
    public CustomJwtAuthenticationFilter(RequestMatcher matcher){
        super(matcher);
    }
}

and for class RequestMatcher,

class SomeRequestMatcher implements RequestMatcher {
    @Override
     public boolean matches(HttpServletRequest request) {
     OrRequestMatcher skipRequestMatcher = new OrRequestMatcher(List.of("/api/**").stream().map(p-> new AntPathRequestMatcher(p))
            .collect(Collectors.toList()));

    if(skipRequestMatcher.matches(request))
        return false;
    return true;
  }
}

CodePudding user response:

I use this code in CustomFilterJWT.class and it's work.

@Override
protected boolean shouldNotFilter(HttpServletRequest request) {
    String path = request.getServletPath();
    return !path.startsWith("/api");
}

`

  • Related