We can override configure(WebSecurity web) in order to configure URLs that do not need authorization and authentication.
An example implementation is shown here:
@Override
public void configure(WebSecurity webSecurity) throws Exception {
webSecurity.ignoring().antMatchers(HttpMethod.POST, "/auth")
.antMatchers(HttpMethod.OPTIONS, "/**")
.and().ignoring()
.antMatchers(HttpMethod.GET, "/");
}
The previous configuration does not carry out any authentication or authorization on the following:
- All options requests
- The GET requests to the "/" root URL
- The POST requests to the /auth URL