i want filter endpoint urls starts with "/api/**" but customJwtAuthenticationFilter filter all url other.
@Override
public void configure(HttpSecurity http) throws Exception {
http.csrf().disable()
.authorizeRequests()
.antMatchers("/users","/api/users").authenticated()
.anyRequest().permitAll()
.and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and().exceptionHandling().accessDeniedPage("/403").authenticationEntryPoint(jwtAuthenticationEntryPoint).and().
formLogin()
.loginPage("/login")
.defaultSuccessUrl("/users")
.failureUrl("/login?error=true")
.permitAll()
.and()
.logout().logoutSuccessUrl("/").permitAll()
.and().addFilterBefore(customJwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
}
Kindly help?
Thanks in Advance
CodePudding user response:
If you want to filter only url with path /api/**, you can extend your class CustomJwtAuthenticationFilter with class AbstractAuthenticationProcessingFilter. And you can skip url path with class RequestMatcher. For example.
class CustomJwtAuthenticationFilter extends AbstractAuthenticationProcessingFilter{
public CustomJwtAuthenticationFilter(RequestMatcher matcher){
super(matcher);
}
}
and for class RequestMatcher,
class SomeRequestMatcher implements RequestMatcher {
@Override
public boolean matches(HttpServletRequest request) {
OrRequestMatcher skipRequestMatcher = new OrRequestMatcher(List.of("/api/**").stream().map(p-> new AntPathRequestMatcher(p))
.collect(Collectors.toList()));
if(skipRequestMatcher.matches(request))
return false;
return true;
}
}
CodePudding user response:
I use this code in CustomFilterJWT.class and it's work.
@Override
protected boolean shouldNotFilter(HttpServletRequest request) {
String path = request.getServletPath();
return !path.startsWith("/api");
}
`