Spring REST security – Secure different URLs differently

by

Here’s a code sample in Java config that uses UserDetailsService and has different security configurations for different URL endpoints:

@Configuration
@EnableWebMvcSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    UserDetailsService userDetailsService;

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService);
    }

    @Configuration
    @Order(1)
    public static class ApiWebSecurityConfig extends WebSecurityConfigurerAdapter{

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                    .antMatcher("/api/v1/**")
                    .httpBasic()
                        .realmName("API")
                        .and()
                    .csrf().disable()
                    .authorizeRequests()
                    .antMatchers("/api/v1/**").authenticated();
        }
    }

    @Configuration
    @Order(2)
    public static class ApiTokenSecurityConfig extends WebSecurityConfigurerAdapter{

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                    .antMatcher("/api/v2/**")
                    /* other config options go here... */
        }

    }
}

More Related Contents:

  1. RESTful Authentication via Spring
  2. Spring Security : Multiple HTTP Config not working
  3. Filter invoke twice when register as Spring bean
  4. How to get active user’s UserDetails
  5. Spring MVC @PathVariable getting truncated
  6. When using Spring Security, what is the proper way to obtain current username (i.e. SecurityContext) information in a bean?
  7. Using GZIP compression with Spring Boot/MVC/JavaConfig with RESTful
  8. Spring MVC – How to return simple String as JSON in Rest Controller
  9. How to disable spring security for particular url
  10. How to manage REST API versioning with spring?
  11. Difference between Role and GrantedAuthority in Spring Security
  12. How does the Spring @ResponseBody annotation work?
  13. Disable Spring Security for OPTIONS Http Method
  14. How to set base url for rest in spring boot?
  15. Http Post request with content type application/x-www-form-urlencoded not working in Spring
  16. How to enable HTTP response caching in Spring Boot
  17. HttpSecurity, WebSecurity and AuthenticationManagerBuilder
  18. How to get the current logged in user object from spring security?
  19. Spring security does not allow CSS or JS resources to be loaded
  20. Spring MVC – @Valid on list of beans in REST service
  21. how to display custom error message in jsp for spring security auth exception
  22. Expose all IDs when using Spring Data Rest
  23. spring web, security + web.xml + mvc dispatcher + Bean is created twice
  24. How to apply Spring Security filter only on secured endpoints?
  25. Spring Security HTTP Basic for RESTFul and FormLogin (Cookies) for web – Annotations
  26. Spring security added prefix “ROLE_” to all roles name?
  27. Why this Spring application with java-based configuration don’t work properly
  28. Unable to get a generic ResponseEntity where T is a generic class “SomeClass”
  29. How to secure REST API with Spring Boot and Spring Security?
  30. Spring MVC PATCH method: partial updates

Leave a Comment