I am working on Spring Boot security config where I want one of the URL to be excluded from security filter.
URL format: URL/v1/btob/**.
To be excluded URL format: URL/v1/btob/icici/pay
Here's my configure method:
@Override
public void configure(HttpSecurity http) throws Exception {
http
.csrf().disable();
http
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
http
.antMatcher("/v1/btob/**")
.httpBasic()
.and()
.csrf().disable()
.sessionManagement()#
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.cors()
.and()
.authorizeRequests()
.antMatchers(HttpMethod.POST, "/icici/pay").permitAll()
.anyRequest().authenticated()
.and()
.addFilterBefore(btoBFilter, UsernamePasswordAuthenticationFilter.class);
}
@Override
public void configure(WebSecurity web) {
web
.ignoring()
.antMatchers(HttpMethod.POST, "/v1/btob/icici/pay");
}
I did this but still the excluded URL goes in the filter. How to fix this? I even tried ignoring the URL globally in 2nd configure method but no help.
No comments:
Post a Comment