2

I'm trying to implement a basic Spring Security configuration for my REST API, and the username/password prompt appears on pages, where i've permitted all requests.

This is my security configuration:

@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .authorizeRequests()
        .antMatchers("/", "/jobs").permitAll()
        .anyRequest().authenticated()
        .and()
        .httpBasic();
}

localhost:8080/ and localhost:8080/jobs should be accessable, without loggin in. Any request to a different route should need authentication.
Right now, when open up the root or /jobs in my browser, I get the content of the page, but I also get asked to log in. It is possible to simply close the dialog, but this is extemely annoying. When I open up /test or something else, the login dialog appears and I don't get the content, which is the correct behavior.

How do I get rid of these dialogs on pages, where I used permittAll()?

here is the screenshot of the current situation. The content is 100% loaded. screenshot

EDIT: I found the solution, thanks to dur for mentioning to inspect the requests. The problem was, that firefox sends a request for the favicon.ico file automaticly, this route wasn't permitted and that's why I've got the prompt.

hexnov
  • 55
  • 6
  • There is no real HTML on the page, it's just plain text. Currently the content of the response is just a temporary filler. – hexnov Dec 28 '18 at 12:38
  • 1
    Maybe you can find answer [here](https://stackoverflow.com/questions/30761253/remove-using-default-security-password-on-spring-boot) – Pizza eu Dec 28 '18 at 12:39

1 Answers1

2

I found the solution, thanks to dur for mentioning to inspect the requests. The problem was, that firefox sends a request for the favicon.ico file automatically, this route wasn't permitted and that's why I've got the prompt.

After adding "/favicon.ico" to the antMatchers() method, everything worked fine. screenshot

hexnov
  • 55
  • 6