Spring Security frequent scenarios

From Luis Gallego Hurtado - Not Another IT guy
Jump to: navigation, search


Allowing all requests programatically

We create a SecurityFilterChain that builts an HttpSecurity that pertmits all request to every endpoint. 

@Configuration
public class MyConfiguration {
  @Bean
  public SecurityFilterChain securityFilterChain(final HttpSecurity http) throws Exception {
    http
      .securityMatcher(EndpointRequest.toAnyEndpoint())
      .authorizeHttpRequests(requests -> requests.anyRequest().permitAll());
    return http.build();
  }
}

Actuator endpoints are not included in given rule, so we neeed to disable also security to them by specifying management.security.enabled property with false value.

Retrieved from "https://www.luisgallegohurtado.com/w/index.php?title=Spring_Security_frequent_scenarios&oldid=1073"