alexanoid alexanoid - 2 months ago 13
Java Question

Spring Security configuration based on different http methods

In my Spring Boot application I have configured following OAuth2

ResourceServer
:

@Override
public void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.antMatcher("/api/**").authorizeRequests()
.antMatchers("/api/v1.0/users").permitAll()
.anyRequest().authenticated()
.and()
.csrf().disable()
.sessionManagement().sessionCreationPolicy(STATELESS);
// @formatter:on
}


In my REST API
UserController
I have two different request handler methods - for POST and for GET http methods. Right now both of them in the configuration above are public.

I'd like to secure POST method and make a GET as public even for anonymous users

How the configuration above can be changed in order to support this ?

JEY JEY
Answer

Just add the method in the matcher

antMatchers(HttpMethod.POST, "/api/v1.0/users")