I am using the following Java configuration with Spring Security:
protected void configure(HttpSecurity http) throws Exception { http .authorizeRequests() .anyRequest().authenticated() .and() .httpBasic(); }
Based on this configuration, all requests are authenticated. When you click the controller without authentication, AnonymousAuthenticationFilter will create an authentication object for you with username=anonymousUser, role=ROLE_ANONYMOUS .
I am trying to provide anonymous access to a specific controller method and have tried using each of the following:
@Secured("ROLE_ANONYMOUS")@Secured("IS_AUTHENTICATED_ANONYMOUSLY")
When the controller methods are called, the following response is issued: "HTTP status 401 - full authentication is required to access this resource
Can someone help me understand why we are getting this message and why ROLE_ANONYMOUS / IS_AUTHENTICATED_ANONYMOUSLY does not seem to work using this configuration?
Thanks,
In JP
java spring spring-java-config spring-security
user2145809
source share