-1

I already have antmatchers() in my spring security config that uses a wildcard . I need to filter out the "forms" from this wildcard. Here is my original code : 

    .antMatchers("/api/keepSessionAlive").authenticated()
    .antMatchers("/api/users/**").authenticated()

I tried to change the wildcard to a regex as you can see below and it didn't work for me :

   .antMatchers("/api/users/(?!forms).*").authenticated()

Any help would be greatly appreciated

Seth S
  • 1
  • 1
  • 2
  • 1
    Please provide examples of some urls you would like to match. Just saying it doesn't work isn't enough – secondbreakfast Feb 07 '18 at 03:24
  • Possible duplicate of [How to put a URL with a regular expression in Spring Java based configuration](https://stackoverflow.com/questions/21130376/how-to-put-a-url-with-a-regular-expression-in-spring-java-based-configuration) – dur Feb 07 '18 at 12:50
  • If you insist to use `antMatchers`, look at https://stackoverflow.com/questions/27649649/antmatchers-spring-security-pattern-with-changeable-url-user-id, but it is made for a more specific case. – dur Feb 07 '18 at 12:52

2 Answers2

0

Please add the "/users/forms" filter before "/users/**" antMatchers

.antMatchers("/api/keepSessionAlive").authenticated()
.antMatchers("/api/users/forms/**").authenticated() 
.antMatchers("/api/users/**").authenticated()
Aaric Chen
  • 1,138
  • 11
  • 12
0

Just add an antmatcher for "form" before others and keep it as permit-all as follows:

.antMatchers("/api/users/form").permitAll()
.antMatchers("/api/keepSessionAlive").authenticated()
.antMatchers("/api/users/forms/**").authenticated() 
.antMatchers("/api/users/**").authenticated()

Hope this helps.

sebin vincent
  • 330
  • 3
  • 12