Spring Security configuration based on different http methods
Question
In my Spring Boot application I have configured following OAuth2 ResourceServer :
@Override
public void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.antMatcher("/api/**").authorizeRequests()
.antMatchers("/api/v1.0/users").permitAll()
.anyRequest().authenticated()
.and()
.csrf().disable()
.sessionManagement().sessionCreationPolicy(STATELESS);
// @formatter:on
}
In my REST API UserController I have two different request handler methods - for POST and for GET http methods. Right now both of them in the configuration above are public.
I'd like to secure POST method and make a GET as public even for anonymous users
How the configuration above can be changed in order to support this ?
1 answers
solution1
1 ACCPTED 2016-10-01 17:13:17
只需在匹配器中添加方法
antMatchers(HttpMethod.POST, "/api/v1.0/users")
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
Combining namespace based configuration with different authentication methods in spring-security
Spring Security - Java Based Configuration AuthenticationManager and Http403ForbiddenEntryPoint
Spring-security.xml code based configuration
Swagger + Spring security - Hide methods based on roles
multiple <security:http> section in spring security configuration file
Spring Security: Different authentication methods depending on entity
Spring security using http authentication based on xml
Spring security Role based HTTP request Authorization
Authentication based on http domain with spring-security
Spring Security annotation based configuration - form based login is bypassed
Related Tags