The thing I want to do is to exclude requests on /my-path from any checks by Spring Security. The problem is that I have a path /my-path. And requests for this path should not update the last access time in Spring Session.
The way the request passes is through SecurityContextPersistenceFilter, where the filter loads the context via SecurityContextRepository. And the SecurityContextRepository gets the session, which updates last accessed time.
So the question is: Is it possible to exclude requests on /my-path from any sessions checks?
Asked
Active
Viewed 744 times
-1
jahra
- 1,173
- 1
- 16
- 41
1 Answers
1
<http pattern="/my-path" security="none"/>
or Java config
web.ignoring().antMatchers("/my-path");
chaoluo
- 2,596
- 1
- 17
- 29