How to specific different authentications in different urls in springboot in my situation?

Question

i have backend urls for some service to access, and frontend urls for website login to access, my situation is:

1. /backend/**: HTTPS two-way authentication
2. /frontend/**: HTTPS one-way authentication and token authentication

I don't want to start two different springboot process.

I have found this answer but springboot not allow to disable client-auth for specific urls:

Spring Boot: Disable Client Auth for specific URL

server:
  ssl:
    client-auth: need

and this answer maybe helpful, but i don't know how to mix two authentication method in my situation.

How set up Spring Boot to run HTTPS / HTTP ports

please help.

Answer 1

For Spring-Boot 2.7.0 this should be as simple as defining 2 instances of SecurityFilterChain, idealy you'd want one of them to be the default (remove the http.mvcMatcher line) and give the other @Order(1). Incase of older implementations i'm not 100% sure, for further research you probably find better results looking for a way to support 2 login method depending on endpoint than looking into how to disable certain elements.

@Configuration
public class WebSecurityConfig
{
    @Bean
    public SecurityFilterChain frontendFilterChain(HttpSecurity http) throws Exception
    {
        //@formatter:on
        http
            .mvcMatcher("/frontend/**")
            .authorizeRequests(auth -> auth.anyRequest().permitAll());
        //Extend with needed authentication
        //@formatter:off

        return http.build();
    }

    @Bean
    @Order(1)
    public SecurityFilterChain backendFilterChain(HttpSecurity http) throws Exception
    {
        //@formatter:on
        http
            .mvcMatcher("/backend/**")
            .authorizeRequests(auth -> auth.anyRequest().permitAll());
        //Extend with needed authentication
        //@formatter:off

        return http.build();
    }
}
    ```