16

How do I allow public access in an specific URL in a Spring Security OAuth-2 Rest application.

I have all URLs started with /rest/** secured, but would like to make /rest/about public, so I would not require the user to authenticate to access it. I tried using permitAll() but it still requires the token in the request. This is my HttpSecurity configuration:

@Configuration
@EnableResourceServer
protected static class ResourceServerConfiguration extends
        ResourceServerConfigurerAdapter {

    @Override
    public void configure(ResourceServerSecurityConfigurer resources) {
        resources.resourceId(RESOURCE_ID);
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http
                .authorizeRequests()
                .antMatchers("/rest/about").permitAll()
                .antMatchers("/rest/**").authenticated()
                ;
    }
}

A GET request to /rest/about still returns 401 Unauthorized - "error":"unauthorized","error_description":"Full authentication is required to access this resource"

Fabricio Lemos
  • 2,905
  • 2
  • 31
  • 31

1 Answers1

33

Found the answer. I just needed to add anonymous():

public void configure(HttpSecurity http) throws Exception {
        http
                .anonymous().and()
                .authorizeRequests()
                .antMatchers("/rest/about").permitAll()
                .antMatchers("/rest/**").authenticated()
                ;
    }

Got the answer from: https://stackoverflow.com/a/25280897/256245

Community
  • 1
  • 1
Fabricio Lemos
  • 2,905
  • 2
  • 31
  • 31