java - How to disable authentication for one service in Spring Boot? -

-

i have spring boot application, in of pages secured (you need log in access them) using following security configuration.

@configuration @order(securityproperties.access_override_order) class securityconfiguration extends     websecurityconfigureradapter {       @autowired     public void registerauthentication(authenticationmanagerbuilder auth) throws exception {         auth.inmemoryauthentication()             .withuser("user")             .password("myapp")             .roles("admin")             .and()             .withuser("guest")             .password("guest")             .roles("user");     }      @override     protected void configure(httpsecurity http) throws exception {         http             .httpbasic()             .and()             .authorizerequests()             .antmatchers("/index.html", "/home.html", "/login.html", "/")             .permitall()             .anyrequest().authenticated().and()             .csrf()             .csrftokenrepository(csrftokenrepository())             .and()             .addfilterafter(new csrfheaderfilter(), csrffilter.class);     }      private csrftokenrepository csrftokenrepository() {         final httpsessioncsrftokenrepository repository =             new httpsessioncsrftokenrepository();         repository.setheadername("x-xsrf-token");         return repository;     } }

in application class, have service publicdata, want accessible without authentication (even, if user isn't logged in).

@springbootapplication @restcontroller public class myappapplication {     @requestmapping("/resource")     public map<string,object> home() {         final map<string,object> model = new hashmap<>();         model.put("id", uuid.randomuuid().tostring());         model.put("content", "hello world");         return model;     }     @requestmapping("/publicdata")     public string publicdata() {         return ...;     }     @requestmapping("/user")     public principal user(final principal user) {         return user;     }     public static void main(final string[] args) {         springapplication.run(myappapplication.class, args);     } }

how can this?

i tried

@override protected void configure(httpsecurity http) throws exception {     http         .httpbasic()         .and()         .authorizerequests()         .antmatchers("/index.html", "/home.html", "/login.html", "/")         .permitall()         .anyrequest().authenticated().and()         .csrf()         .csrftokenrepository(csrftokenrepository())         .and()         .addfilterafter(new csrfheaderfilter(), csrffilter.class)         .and()         .authorizerequests()         .antmatchers("/publicdata").permitall(); }

but didn't work.

you can create role permission access , grant access in methods using spring security annotation http://docs.spring.io/spring-security/site/docs/3.0.x/reference/el-access.html

of course every user need role automatically when connect in application.

<http use-expressions="true">   <intercept-url pattern="/*"       access="hasrole('admin')"/> </http>

then in free access method

@preauthorize("hasrole('admin')") public void create(contact contact);

Comments

Post a Comment

Popular posts from this blog

Android : Making Listview full screen -

-
<linearlayout xmlns:android="http://schemas.android.com/apk/res/android" xmlns:tools="http://schemas.android.com/tools" android:layout_width="match_parent" android:layout_height="match_parent" android:orientation="vertical" tools:context=".mainactivity"> <edittext android:layout_margintop="5dp" android:layout_width="match_parent" android:layout_height="50dp" android:background="@drawable/location_edittext" android:id="@+id/locationeditext" android:textsize="15sp" android:textcolor="#999" android:paddingleft="15dp" /> <com.example.ravi_gupta.slider.viewpagercustomduration android:layout_width="wrap_content" android:layout_height="0dp" android:id="@+id/viewpager" android:scrollbarstyle="outsideoverlay" android:layout_weight="0.5&quo
Read more

javascript - Parse JSON from the body of the POST -

-
i'm using cameratag.com record video on website. service can send json response server can save data database. don't know how proceed here: the documentation states please note json repsonse passed in body of post , not form parameters. here example of how parse response in ruby: data = json.parse(request.raw_post) video_uuid = data["uuid"] but don't know how data on javascript. i'm not experienced in js please bare me :) post sample: { "uuid": "00012710-4b65-0131-ffe6-22000a499ea4", "camera_uuid": "98373a20-79ee-0130-3e42-1231390fcc11", "created_at": "2013-12-20t05:25:02.000z", "percent_complete": 100, "short_code": "kktb4q", "metadata": { }, "state": "published", "recorded_from": "http://singwho.com", "publish_type": null, "formats": [ { "name&qu
Read more

javascript - Chrome Extension: Interacting with iframe embedded within popup -

-
i writing chrome extension needs interact urls user not have open. therefore using hidden iframes embedded within popup, , attempting click button within iframe. however, receiving same origin policy error. know possible extension interact iframes of different domain via content scripts when iframe on tab user has open, not sure if possible use content scripts interact iframes directly in popup. here code: manifest.json "content_scripts": [ { "js": [ "bin/jquery.min.js", "interaction.js" ], "all_frames": true, "run_at": "document_start", "matches": [ "http://*/*", "https://*/*" ] }], "permissions": [ "activetab", "tabs", "http://*/", "https://*/" ], interaction.js $(document).ready(function() { $('div#iframes').append("<iframe id='shop' src=
Read more