java - Spring-Boot REST service basic http auth exclude one endpoint
I have a REST-only microservice built on Spring Boot version 1.5.4.RELEASE with spring-boot-starter-security. The service has no web pages, just JSON in and out. The username and password are configured in the application.properties file. With credit to http://ryanjbaxter.com/2015/01/06/securing-rest-apis-with-spring-boot/, the following configuration causes the server to implement basic HTTP authentication quite nicely; it accepts the credentials and rejects unauthorized requests:

    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

    @Configuration
    public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.csrf().disable().authorizeRequests() //
                    .anyRequest().authenticated().and().httpBasic();
        }
    }

My question: I'd like to exclude one little ole path, one tiny endpoint, from basic HTTP authentication. After frantic Googling and copy-pasting, I revised the above to have this:

    http.csrf().disable().authorizeRequests() //
            .antMatchers("/healthcheck").permitAll()
            .anyRequest().authenticated().and().httpBasic();

This compiles and runs without warning, but the path is not opened for unauthenticated access. I still must supply credentials to check the service health.
Do I have to match paths one by one? The little healthcheck endpoint is at the base of the context path, as are a whole bunch of others; adding paths one by one is a hassle.
The relevant part of my application.properties file is:

    security.user.name = web-user
    security.user.password = web-pass
    management.security.roles=superuser

Maybe I need to fiddle with roles somehow?
Please help, thanks in advance.
Update 1:
Path information: I'd like this path (and many more at the root) to be guarded:
localhost:8081/abcd/user
And I'd like this one path to be open, no auth required:
localhost:8081/abcd/healthcheck
Update 2: This looks like it largely duplicates a 3-year-old question, but no answer was accepted there for this issue:

Your link looks like:
localhost:8081/abcd/healthcheck
Try this:

    http.csrf().disable().authorizeRequests() //
            .antMatchers("/abcd/healthcheck").permitAll()
            .anyRequest().authenticated().and().httpBasic();

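Added example (not part of the original question or answer): `antMatchers(...)` is backed by Spring Security's `AntPathRequestMatcher`, which compares its pattern with the path inside the application, not including the servlet context path. The sketch below evaluates both patterns from this thread under two assumed deployment layouts, using `MockHttpServletRequest` from spring-test; the class name and both layouts are assumptions, and spring-security-web plus spring-test must be on the classpath.

```java
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

// Added illustration; the class name and the two layouts are assumptions, not from the post.
public class ContextPathMatchDemo {

    // Build the request as the servlet container would present it to the
    // security filter chain when the DispatcherServlet is mapped to "/".
    static MockHttpServletRequest request(String contextPath, String pathInApp) {
        MockHttpServletRequest req =
                new MockHttpServletRequest("GET", contextPath + pathInApp);
        req.setContextPath(contextPath);
        req.setServletPath(pathInApp);
        return req;
    }

    // True if an antMatchers(pattern) rule would apply to this request.
    static boolean matches(String pattern, MockHttpServletRequest req) {
        return new AntPathRequestMatcher(pattern).matches(req);
    }

    public static void main(String[] args) {
        String[] patterns = {"/healthcheck", "/abcd/healthcheck"};
        // Layout A (assumed): context path /abcd, controller mapped at /healthcheck.
        // Layout B (assumed): root context, controller mapped at /abcd/healthcheck.
        String[][] layouts = {{"A", "/abcd", ""}, {"B", "", "/abcd"}};

        for (String[] layout : layouts) {
            for (String endpoint : new String[] {"/healthcheck", "/user"}) {
                MockHttpServletRequest req = request(layout[1], layout[2] + endpoint);
                for (String pattern : patterns) {
                    System.out.printf("layout %s  GET %-18s  antMatchers(\"%s\") -> %s%n",
                            layout[0], req.getRequestURI(), pattern,
                            matches(pattern, req) ? "permitAll"
                                                  : "falls through to authenticated()");
                }
            }
        }
    }
}
```

In layout A only the `/healthcheck` pattern opens the health endpoint, in layout B only `/abcd/healthcheck` does, and `/abcd/user` matches neither pattern in either layout, so it stays behind `authenticated()`.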