Home > Net >  Spring Security ignoring context-path
Spring Security ignoring context-path

Time:12-26

Controller

@GetMapping("/api/data")
String response(){

}

application.properties

server.servlet.context-path=/v1

Spring secuity

http.authorizeRequests().anyMatcher("/v1/**").authenicated()

Here authentication is not happening. I believe, spring-security is ignoring the context-path thats been configured in the application.properties. Why is spring-security ignoring the context path. How to fix this?

For the above image, I expected a 401 since the v1/** is supposed to be authorised

This is working fine,

http.authorizeRequests().anyMatcher("/**").authenicated()

CodePudding user response:

Turn ON the debug for Spring Security, then you would understand what's happening.

@EnableWebSecurity(debug = true)

When,

server.servlet.context-path=/v1

Generated Request:

Request received for GET '/api/data':

servletPath:/api/data
pathInfo:null

When,

spring.mvc.servlet.path=/v1

Generated Request:

Request received for GET '/v1/api/data':

servletPath:/v1
pathInfo:/api/data

Go with servlet-path for what you are trying to implement...

  • Related