How to check for authenticated() or hasIpAddress for the same antMatcher()?

Time:11-10

I am trying to configure Spring Security to check if the user is authenticated or if the request comes from a specific IP subnet.

I wrote the following code that is not working as expected:

protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests().antMatchers(HttpMethod.valueOf("POST"), "/api/something").authenticated();
    http.authorizeRequests().antMatchers(HttpMethod.valueOf("POST"), "/api/something").hasIpAddress("172.17.0.0/24");
}

Each configuration works individually, but I don't know how to put them together using an OR operator.

The problem is that the second configuration overrides the first one.

Is there a way to achieve this?

Thank you

CodePudding user response:

Using access with SpEL:

// Allow the request when it comes from the subnet OR the caller is authenticated
http
    .authorizeRequests()
    .antMatchers(HttpMethod.valueOf("POST"), "/api/something")
    .access("hasIpAddress('172.17.0.0/24') or isAuthenticated()");
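One way to verify the combined rule from the answer above, as an added example that is not part of the original thread: a MockMvc test covering the three cases the OR expression has to get right. It assumes Spring Boot with spring-security-test on the test classpath, a security configuration containing the `access(...)` rule with no login entry point configured (so denied anonymous requests get 403), and a hypothetical controller that returns 200 for POST /api/something; the class name and the `from` helper are made up for illustration.

```java
// Added example, not from the original thread. Assumes Spring Boot with
// spring-security-test, the access(...) rule above, no login entry point
// configured, and a hypothetical controller returning 200 for POST /api/something.
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.request.RequestPostProcessor;

import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.user;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;

@SpringBootTest
@AutoConfigureMockMvc
class SomethingAccessRuleTest {

    @Autowired
    private MockMvc mvc;

    // hasIpAddress compares against HttpServletRequest.getRemoteAddr(), so set it directly.
    private static RequestPostProcessor from(String ip) {
        return request -> { request.setRemoteAddr(ip); return request; };
    }

    @Test
    void anonymousInsideSubnetIsAllowed() throws Exception {
        mvc.perform(post("/api/something").with(from("172.17.0.42")).with(csrf()))
           .andExpect(status().isOk());
    }

    @Test
    void anonymousOutsideSubnetIsForbidden() throws Exception {
        // 172.17.1.42 is outside 172.17.0.0/24 and no user is attached: both operands are false.
        mvc.perform(post("/api/something").with(from("172.17.1.42")).with(csrf()))
           .andExpect(status().isForbidden());
    }

    @Test
    void authenticatedOutsideSubnetIsAllowed() throws Exception {
        mvc.perform(post("/api/something").with(from("172.17.1.42")).with(user("alice")).with(csrf()))
           .andExpect(status().isOk());
    }
}
```

Behind a reverse proxy or load balancer, `getRemoteAddr()` is the proxy's address unless forwarded headers are processed, so confirm which address the rule actually sees in your deployment before relying on the subnet half of the expression.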
