2

my application uses spring security. I know you can use antMatchers to permit requests for some URI that are mapped into your application. But I need too allow requests made from an external api to a URI in my application and just for that api. I need something like this:

 @Override protected void configure(WebSecurity web) throws Exception { web.ignoring() .antMatchers("http://externalTestApi.com"); }

Does anybody know if this is possible? I did not find anything on this.

Improve this question

1 Answer 1

Reset to default
2

You can do something like this (if you want to combine multiple conditions)

.authorizeRequests() .antMatchers("/user/list") .access("authenticated or hasIpAddress('666.666.666.666') or hasIpAddress('127.0.0.1') or hasIpAddress('0:0:0:0:0:0:0:1')")

or

.authorizeRequests() .antMatchers("/user/list") .hasIpAddress("0.0.0.0/0");
Improve this answer
Sign up to request clarification or add additional context in comments.

6 Comments

that works for the configure method that accepts a HttpSecurity as parameter, I need this for configure method with WebSecurity.
Aren't you extending WebSecurityConfigurerAdapter? Just @override configure(HttpSecurity http) and do your security there?
in WebSecurityConfigurerAdapter there are 2 configure methods, one that takes a HttpSecurity and one that takes WebSecurity, I need this for the one with WebSecurity because that is were the request is filtered and I get a 403 null. I am making a post from the api using RestTemplate and beacuse it is post it does some filtering and has a problem with my session.
If you move it to the method with HttpSecurity then security will be done in that layer.. I don't see any reason that prevents you to move your code to HttpSecurity.. see the differences here stackoverflow.com/questions/22998731/…
The two configuration methods have different purposes, as it is said in the link you posted, with WebSecurity you can reject requests, the security configuration is in such a way made that the request is rejected by some filters, if my I do what you suggested, my request will be rejected before it reaches any config that I make on HttpSecurity.
|

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.