How to apply Spring Security filter only on secured endpoints?

by

I have an application with the same requirement and to solve it I basically restricted Spring Security to a given ant match patter (using antMatcher) as follows:

http
    .antMatcher("/api/**")
    .authorizeRequests() //
        .anyRequest().authenticated() //
        .and()
    .addFilterBefore(authenticationTokenFilterBean(), UsernamePasswordAuthenticationFilter.class);

You can read it as follows: for http only invoke these configurations on requests matching the ant pattern /api/** authorizing any request to authenticated users and add filter authenticationTokenFilterBean() before UsernamePasswordAuthenticationFilter. For all others requests this configuration has no effect.

More Related Contents:

  1. Spring Security : Multiple HTTP Config not working
  2. Filter invoke twice when register as Spring bean
  3. How to get active user’s UserDetails
  4. When using Spring Security, what is the proper way to obtain current username (i.e. SecurityContext) information in a bean?
  5. How to disable spring security for particular url
  6. Difference between Role and GrantedAuthority in Spring Security
  7. Disable Spring Security for OPTIONS Http Method
  8. How to enable HTTP response caching in Spring Boot
  9. RESTful Authentication via Spring
  10. HttpSecurity, WebSecurity and AuthenticationManagerBuilder
  11. How to get the current logged in user object from spring security?
  12. Spring webSecurity.ignoring() doesn’t ignore custom filter
  13. Unit testing with Spring Security
  14. Spring security does not allow CSS or JS resources to be loaded
  15. how to display custom error message in jsp for spring security auth exception
  16. spring web, security + web.xml + mvc dispatcher + Bean is created twice
  17. Spring Security, secured and none secured access
  18. JAAS for human beings
  19. Spring Security HTTP Basic for RESTFul and FormLogin (Cookies) for web – Annotations
  20. Spring security added prefix “ROLE_” to all roles name?
  21. Why this Spring application with java-based configuration don’t work properly
  22. Spring REST security – Secure different URLs differently
  23. Custom Authentication Manager with Spring Security and Java Configuration
  24. Difference between spring @Controller and @RestController annotation
  25. Spring Boot Adding Http Request Interceptors
  26. Using GZIP compression with Spring Boot/MVC/JavaConfig with RESTful
  27. Return generated pdf using spring MVC
  28. Binding a list in @RequestParam
  29. Form submit in Spring MVC 3 – explanation
  30. Spring RequestMapping for controllers that produce and consume JSON

Leave a Comment