Disable Spring Security for OPTIONS Http Method

by

If you’re using an annotation based security config file (@EnableWebSecurity & @Configuration) you can do something like the following in the configure() method to allow for the OPTION requests to be permitted by Spring Security without authentication for a given path:

@Override
protected void configure(HttpSecurity http) throws Exception
{
     http
    .csrf().disable()
    .authorizeRequests()
      .antMatchers(HttpMethod.OPTIONS,"/path/to/allow").permitAll()//allow CORS option calls
      .antMatchers("/resources/**").permitAll()
      .anyRequest().authenticated()
    .and()
    .formLogin()
    .and()
    .httpBasic();
}

More Related Contents:

  1. Spring Security : Multiple HTTP Config not working
  2. Filter invoke twice when register as Spring bean
  3. How to get active user’s UserDetails
  4. Spring Data Rest and Cors
  5. Spring security CORS Filter
  6. When using Spring Security, what is the proper way to obtain current username (i.e. SecurityContext) information in a bean?
  7. CORS allowed-origin restrictions aren’t causing the server to reject requests
  8. How to disable spring security for particular url
  9. Difference between Role and GrantedAuthority in Spring Security
  10. How to enable HTTP response caching in Spring Boot
  11. RESTful Authentication via Spring
  12. HttpSecurity, WebSecurity and AuthenticationManagerBuilder
  13. How to get the current logged in user object from spring security?
  14. Spring webSecurity.ignoring() doesn’t ignore custom filter
  15. Spring security does not allow CSS or JS resources to be loaded
  16. how to display custom error message in jsp for spring security auth exception
  17. spring web, security + web.xml + mvc dispatcher + Bean is created twice
  18. How to apply Spring Security filter only on secured endpoints?
  19. Spring Security HTTP Basic for RESTFul and FormLogin (Cookies) for web – Annotations
  20. Spring security added prefix “ROLE_” to all roles name?
  21. Why this Spring application with java-based configuration don’t work properly
  22. Spring REST security – Secure different URLs differently
  23. Custom Authentication Manager with Spring Security and Java Configuration
  24. What causes “java.lang.IllegalStateException: Neither BindingResult nor plain target object for bean name ‘command’ available as request attribute”?
  25. Redirect to an external URL from controller action in Spring MVC
  26. Autowiring two beans implementing same interface – how to set default bean to autowire?
  27. Spring Security, secured and none secured access
  28. Spring 3.0 making JSON response using jackson message converter
  29. Return a stream with Spring MVC’s ResponseEntity
  30. What are annotations and how do they actually work for frameworks like Spring?

Leave a Comment