Spring Security frequent scenarios

From Luis Gallego Hurtado - Not Another IT guy
Jump to: navigation, search

Allowing all requests programatically

We create a SecurityFilterChain that builts an HttpSecurity that pertmits all request to every endpoint.

public class MyConfiguration {
  public SecurityFilterChain securityFilterChain(final HttpSecurity http) throws Exception {
      .authorizeHttpRequests(requests -> requests.anyRequest().permitAll());
    return http.build();

Actuator endpoints are not included in given rule, so we neeed to disable also security to them by specifying management.security.enabled property with false value.