java - Spring-Boot REST service basic http auth exclude one endpoint -


i have rest-only micro service built on spring-boot version 1.5.4.release spring-boot-starter-security. service has no web pages, json in , out. username , password configured in application.properties file. credit http://ryanjbaxter.com/2015/01/06/securing-rest-apis-with-spring-boot/ following configuration causes server implement basic http authentication quite nicely, accepts credentials , rejects unauthorized requests:

import org.springframework.context.annotation.configuration; import org.springframework.security.config.annotation.web.builders.httpsecurity; import org.springframework.security.config.annotation.web.configuration.websecurityconfigureradapter;  @configuration public class securityconfiguration extends websecurityconfigureradapter {      @override     protected void configure(httpsecurity http) throws exception {         http.csrf().disable().authorizerequests() //                 .anyrequest().authenticated().and().httpbasic();             } } 

my question i'd exclude 1 little ole path, 1 tiny endpoint, basic http authentication. frantic googling , copy-pasting revised above have this:

    http.csrf().disable().authorizerequests() //         .antmatchers("/healthcheck").permitall()         .anyrequest().authenticated().and().httpbasic(); 

this compiles , runs without warning, path not opened unauthenticated access. still must supply credentials check service health.

do have match paths 1 one? little healthcheck endpoint @ base of context path, whole bunch of others - adding paths one-by-one hassle.

the relevant part of application.properties file is:

security.user.name = web-user security.user.password = web-pass management.security.roles=superuser 

maybe need fiddle roles somehow?

please help, in advance.

update 1:

path information - i'd path (and many more @ root) guarded:

localhost:8081/abcd/user 

and i'd 1 path open, no auth required:

localhost:8081/abcd/healthcheck 

update 2: looks largely duplicated 3-year-old question, no answer accepted there issue:

spring-boot setup basic auth on single web app path?

you link looks like:

localhost:8081/abcd/healthcheck 

try this:

http.csrf().disable().authorizerequests() //     .antmatchers("/abcd/healthcheck").permitall()     .anyrequest().authenticated().and().httpbasic(); 

Comments

Popular posts from this blog

php - Vagrant up error - Uncaught Reflection Exception: Class DOMDocument does not exist -

vue.js - Create hooks for automated testing -

Add new key value to json node in java -