Geek Answers Handbook

Authentication of only selected rest endpoints: spring boot

I have a Spring web application. Download some rest endpoints. I wanted to know how we can enable basic authentication only for selected vacation endpoints. Say I want only /employee/{id} request authentication and ignore all other vacation endpoints. I am using the following code. My question is, will antMatcher only check the specified request? Currently, its enabling authentication for all other endpoints is:

 @Configuration @EnableWebSecurity public class WebSecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { // How does it work will it only authenticate employee & // ignore any other request?? Its authenticating all the requests currently. http .authorizeRequests() .antMatchers("/employee/*").authenticated() .and() .httpBasic() .and() .csrf() .disable(); } @Autowired public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { auth .inMemoryAuthentication() .withUser("admin").password("admin").roles("USER"); } }
+5
source share
1 answer

By default, Spring Boot will protect all endpoints if Spring Security is in the classpath.

You need to explicitly add an exception for all other endpoints that will be resolved without authentication.

Example:

 @Configuration @EnableWebSecurity public class WebSecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { http .authorizeRequests() .antMatchers("/employee/*").authenticated() .anyRequest().permitAll() .and() .httpBasic() .and() .csrf().disable(); } @Autowired public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { auth .inMemoryAuthentication() .withUser("admin").password("admin").roles("USER"); } }
+5
source

More articles:


All Articles