Using the web security configurer adapter to configure web security

We can override configure(WebSecurity web) in order to configure URLs that do not need authorization and authentication.

An example implementation is shown here:

@Override
public void configure(WebSecurity webSecurity) throws Exception {
    webSecurity.ignoring().antMatchers(HttpMethod.POST, "/auth")
        .antMatchers(HttpMethod.OPTIONS, "/**")
        .and().ignoring()
        .antMatchers(HttpMethod.GET, "/");
}

The previous configuration does not carry out any authentication or authorization on the following:

  • All options requests
  • The GET requests to the  "/" root URL
  • The POST requests to the /auth URL
..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset