Home > other >  Allow certain endpoint unauthenticated access in spring resource server
Allow certain endpoint unauthenticated access in spring resource server

Time:10-19

I have setup a spring resource server using Spring 5. All my endpoints now require a valid access token. How can I allow my /health endpoint free access? With below configuration, it does not work and health endpoint also requires an access token.

 @Override
protected void configure(HttpSecurity http) throws Exception {
    http
            .authorizeRequests()
            .antMatchers("/health").permitAll()
            .antMatchers("/user").authenticated()
            .and().formLogin()
            .and().requestMatchers()
            .antMatchers("/oauth/authorize");
}

CodePudding user response:

Is anonymous enabled?

http.anonymous().and().authorizeRequests()...

Side note, WebSecurityConfigurerAdapter is deprecated. Instead of extending it, you should provide your application context with a SecurityFilterChain @Bean:

@Bean public SecurityFilterChain filterChain(HttpSecurity http) {
    http.anonymous().and().authorizeRequests()...

    return http.build();
}

CodePudding user response:

After a lot of research, I added this small piece of code to make it work like a charm.

@Override
public void configure(WebSecurity web) {
    web.ignoring().antMatchers("/user");
}

Page link:https//www.codepudding.com/other/581291.html

Prev:GraphQL returning null when queried
Next:Inject List of Custom Object to map using spring boot configuration properties
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding