2

I am trying to ignore a url from authentication I've tried multiple different patterns but java doesn't seem to be able to recognize them. My configure looks like this: 

  @Override
  public void configure(WebSecurity web) throws Exception {
    super.configure(web);
    web.ignoring().antMatchers(
            "/api/pies.*active=true");
  }

the string I want to match and have spring security ignore is something like this: http://"someEnv"/"somePath"/api/pies?active=true

however no matter what wildcard combo I try it doesn't match. The match has to have ?active=true

Below is the method def:

    @GetMapping()
    public ResponseEntity<List<PieResponseDto>> getPies(@RequestParam(name = "active") Boolean active)

below is the class def: 


@RestController
@RequestMapping(path = "/api/pies", produces = MediaType.APPLICATION_JSON_VALUE)
Haq.H
  • 863
  • 7
  • 20
  • 47

1 Answers1

2

Use .regexMatchers instead of .antMatchers and then try this regex: 

^[a-zA-Z:\/.]*pies\?active=true$

There are plenty of online tools for regex expressions. You can try for example this one: online regex tester

dur
  • 15,689
  • 25
  • 79
  • 125
Andrzej Jaromin
  • 269
  • 2
  • 6
  • I've tried regex testers and matched the string such as your pattern but when I feed it to the antMatchers function it doesn't pick it up. – Haq.H Jul 19 '19 at 20:59
  • 1
    Ups, because it is not Regex as you wrote in the title :) It's AntPattern. Try this: `/**/*?active=true` or just `/**/*active=true` – Andrzej Jaromin Jul 19 '19 at 21:05
  • Oh that's new insight! Those patterns aren't working but I think it's because of the controller that picking up the response. I'll do some research and update the question – Haq.H Jul 19 '19 at 21:13
  • 1
    Your original pattern works! You just need to use .regexMatchers instead of .antMatchers if you edit your answer I can mark it correct! – Haq.H Jul 19 '19 at 21:40