Allow all but one URL in Spring Security

Question

Allow all but one URL in Spring Security

I would like to protect only one URL by allowing anonymous access to everything else.

The Java configuration examples I see on the Internet seem to you indicating explicitly permitAll each URL and the corresponding hasRole for the URLs that you want to protect. This in my case creates really cumbersome Java code, which I change every time I add a new application URL. Is there a simpler java configuration that I can use.

Also note that in my case, the URL that I am protecting is a sub-resource, say employee/me , I would like employee/list , etc. were anonymously available.

+18

java spring spring-security

Sathyakumar seshachalam Apr 3 '16 at 7:58

source share

1 answer

Ali Dehghani · Accepted Answer · 2016-04-03T09:55:14+0000

If you are using Java configuration, you can use something like the following in your configure method:

 @Override protected void configure(HttpSecurity http) throws Exception { http .authorizeRequests() .antMatchers("/employee/me").authenticated() .antMatchers("/**").permitAll(); }

Allow all but one URL in Spring Security

More articles: