Spring Security frequent scenarios
From Luis Gallego Hurtado - Not Another IT guy
Allowing all requests programatically
We create a SecurityFilterChain that builts an HttpSecurity that pertmits all request to every endpoint.
@Configuration
public class MyConfiguration {
@Bean
public SecurityFilterChain securityFilterChain(final HttpSecurity http) throws Exception {
http
.securityMatcher(EndpointRequest.toAnyEndpoint())
.authorizeHttpRequests(requests -> requests.anyRequest().permitAll());
return http.build();
}
}
Actuator endpoints are not included in given rule, so we neeed to disable also security to them by specifying management.security.enabled property with false value.