
Hello dear community,


details about my goal:


the actual result:

  • The internationalization works very well

then I added security:

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()

        // Restrict Endpoints
        .antMatchers("/login/**").hasAnyRole("admin", "member")

        // Allow Forms
        .antMatchers("/member/**").permitAll()

        // Allow Resources
        .antMatchers("/js/**").permitAll()
        .antMatchers("/css/**").permitAll()

        // Deny All
        .anyRequest().authenticated();
}

Due to .anyRequest().authenticated() a request on the root path like /?lang=de will trigger authentication.


what I tried:

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()

        // Restrict Endpoints
        .antMatchers("/login/**").hasAnyRole("admin", "member")

        // Allow Forms
        .antMatchers("/member/**").permitAll()

        // Allow Resources
        .antMatchers("/js/**").permitAll()
        .antMatchers("/css/**").permitAll()

        // Trick to allow Internationalization
        .antMatchers("/*").permitAll()

        // Deny All
        .anyRequest().authenticated();
}

I added .antMatchers("/*").permitAll() which works, but it allows too many resources on the root path. My goal is to only allow /?lang=de without authentication.

Is there any opportunity?


Resources I studied but did not get comfortable with:


Kind regards
OtenMoten

Kevin O.

1 Answer


Well, finally it's working.

Above I said I was not comfortable with the mentioned Stack Overflow links, but it's working now.

I've added:

.regexMatchers("/.*lang=.*").permitAll()

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()

        // Restrict Endpoints
        .antMatchers("/login/**").hasAnyRole("admin", "member")

        // Allow Forms
        .antMatchers("/member/**").permitAll()

        // Allow Resources
        .antMatchers("/js/**").permitAll()
        .antMatchers("/css/**").permitAll()

        // Allow Internationalization
        .regexMatchers("/.*lang=.*").permitAll()

        // Deny All
        .anyRequest().authenticated();
}

Kevin O.
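
Spring Security's RegexRequestMatcher tests its pattern against the servlet path followed by "?" and the query string, so the rule from the answer can be checked outside Spring against the stated goal of allowing only /?lang=de. The following is an added example, not part of the original post: it uses plain java.util.regex, the /orders/42 requests are constructed, and ROOT_ONLY is one assumed way to write "root path with a single lang parameter".

```java
import java.util.regex.Pattern;

public class LangMatcherCheck {

    // Pattern from the answer above.
    static final Pattern BROAD = Pattern.compile("/.*lang=.*");

    // Assumed tighter alternative (not from the post): root path only, "lang" as
    // the sole query parameter, value limited to a locale code like "de" or "en_US".
    static final Pattern ROOT_ONLY =
            Pattern.compile("/\\?lang=[A-Za-z]{2}(_[A-Za-z]{2})?");

    // The string the pattern is tested against: servlet path, then "?" and the
    // query string when one is present.
    static String target(String servletPath, String query) {
        return query == null ? servletPath : servletPath + "?" + query;
    }

    // The whole string has to match, as with Matcher.matches().
    static boolean permitted(Pattern p, String servletPath, String query) {
        return p.matcher(target(servletPath, query)).matches();
    }

    public static void main(String[] args) {
        // Constructed sample requests: { servlet path, query string or null }.
        String[][] requests = {
            {"/", "lang=de"},
            {"/", null},
            {"/", "lang=de&debug=true"},
            {"/orders/42", "lang=de"},
            {"/orders/42", "page=2&lang=en"},
        };
        System.out.printf("%-28s %-6s %s%n", "request", "broad", "rootOnly");
        for (String[] r : requests) {
            System.out.printf("%-28s %-6b %b%n", target(r[0], r[1]),
                    permitted(BROAD, r[0], r[1]), permitted(ROOT_ONLY, r[0], r[1]));
        }
    }
}
```

In the configuration, the tighter expression would take the place of the pattern string passed to regexMatchers. Rules are evaluated in order, so requests already matched by an earlier rule such as /login/** are decided there and never reach it.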