Spring security permit all is not working for multiple urls

Question

I'm trying to give permit all to multiple urls but I'm getting 403. When I disable csrf, all the requests are working without authentication. Pls find below my security configuration.

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable()
                .authorizeRequests()//.anyRequest().permitAll()
                .antMatchers("/actuator/**","/v1/foo/link")
                .permitAll()
                .antMatchers("/**")
                .authenticated()
                .and()
                .oauth2ResourceServer()
                .jwt(withDefaults());
    }
}

Please correct me where I'm missing. Thank you..

score 0 · Answer 1 · answered Jun 19 '20 at 15:11

I found this answer in the mentioned stackoverflow link and it is working.

@Override
public void configure(WebSecurity web) throws Exception {
    web.ignoring().antMatchers("/v1/foo/link").antMatchers("/v1/refer/link");
}

Spring Security exclude url patterns in security annotation configurartion

Spring security permit all is not working for multiple urls

1 Answers1