Jump to content
Please Use CODE Tags

Problem with spring security requestmatchers().permitall

Souranil21 chakraborty
By Souranil21 chakraborty
in Programming
 Share
Posted

I am trying to configure spring security in my project and so far i am facing an issue where while trying to configure the filterchain i cannot configure the application to expose some endpoints without authentication with requestmatchers().permitall(). First take a look at the code=>

  

    @Bean
    public SecurityFilterChain securityFilter(HttpSecurity http) throws Exception{
        http
                .authorizeHttpRequests(requests -> requests
                        .requestMatchers("/download/**").permitAll()
                        .anyRequest().authenticated()
                )
                .formLogin(Customizer.withDefaults())
                .httpBasic(Customizer.withDefaults());
        return http.build();
    }

  

And yes i have used @Configuration and @EnableWebSecurity on the top of the class. from my understanding with this filterchain cofig spring should allow the download page to accessible without any authentication while all other edpoints need authentication for access. But unfortunately spring is asking for authentication on /download/links url too which should be accessible. I checked by using anyrequest.permitall but as usual that ends up exposing all the endpoints to the users without authentication. And also i am using get method not post on these urls. If anyone can share some insight that would be helpful. 

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing Programming

×