java - How to disable authentication for one service in Spring Boot? -

-

i have spring boot application, in of pages secured (you need log in access them) using following security configuration.

@configuration @order(securityproperties.access_override_order) class securityconfiguration extends     websecurityconfigureradapter {       @autowired     public void registerauthentication(authenticationmanagerbuilder auth) throws exception {         auth.inmemoryauthentication()             .withuser("user")             .password("myapp")             .roles("admin")             .and()             .withuser("guest")             .password("guest")             .roles("user");     }      @override     protected void configure(httpsecurity http) throws exception {         http             .httpbasic()             .and()             .authorizerequests()             .antmatchers("/index.html", "/home.html", "/login.html", "/")             .permitall()             .anyrequest().authenticated().and()             .csrf()             .csrftokenrepository(csrftokenrepository())             .and()             .addfilterafter(new csrfheaderfilter(), csrffilter.class);     }      private csrftokenrepository csrftokenrepository() {         final httpsessioncsrftokenrepository repository =             new httpsessioncsrftokenrepository();         repository.setheadername("x-xsrf-token");         return repository;     } }

in application class, have service publicdata, want accessible without authentication (even, if user isn't logged in).

@springbootapplication @restcontroller public class myappapplication {     @requestmapping("/resource")     public map<string,object> home() {         final map<string,object> model = new hashmap<>();         model.put("id", uuid.randomuuid().tostring());         model.put("content", "hello world");         return model;     }     @requestmapping("/publicdata")     public string publicdata() {         return ...;     }     @requestmapping("/user")     public principal user(final principal user) {         return user;     }     public static void main(final string[] args) {         springapplication.run(myappapplication.class, args);     } }

how can this?

i tried

@override protected void configure(httpsecurity http) throws exception {     http         .httpbasic()         .and()         .authorizerequests()         .antmatchers("/index.html", "/home.html", "/login.html", "/")         .permitall()         .anyrequest().authenticated().and()         .csrf()         .csrftokenrepository(csrftokenrepository())         .and()         .addfilterafter(new csrfheaderfilter(), csrffilter.class)         .and()         .authorizerequests()         .antmatchers("/publicdata").permitall(); }

but didn't work.

you can create role permission access , grant access in methods using spring security annotation http://docs.spring.io/spring-security/site/docs/3.0.x/reference/el-access.html

of course every user need role automatically when connect in application.

<http use-expressions="true">   <intercept-url pattern="/*"       access="hasrole('admin')"/> </http>

then in free access method

@preauthorize("hasrole('admin')") public void create(contact contact);

Comments

Post a Comment

Popular posts from this blog

Android : Making Listview full screen -

-
<linearlayout xmlns:android="http://schemas.android.com/apk/res/android" xmlns:tools="http://schemas.android.com/tools" android:layout_width="match_parent" android:layout_height="match_parent" android:orientation="vertical" tools:context=".mainactivity"> <edittext android:layout_margintop="5dp" android:layout_width="match_parent" android:layout_height="50dp" android:background="@drawable/location_edittext" android:id="@+id/locationeditext" android:textsize="15sp" android:textcolor="#999" android:paddingleft="15dp" /> <com.example.ravi_gupta.slider.viewpagercustomduration android:layout_width="wrap_content" android:layout_height="0dp" android:id="@+id/viewpager" android:scrollbarstyle="outsideoverlay" android:layout_weight="0.5...
Read more

javascript - Parse JSON from the body of the POST -

-
i'm using cameratag.com record video on website. service can send json response server can save data database. don't know how proceed here: the documentation states please note json repsonse passed in body of post , not form parameters. here example of how parse response in ruby: data = json.parse(request.raw_post) video_uuid = data["uuid"] but don't know how data on javascript. i'm not experienced in js please bare me :) post sample: { "uuid": "00012710-4b65-0131-ffe6-22000a499ea4", "camera_uuid": "98373a20-79ee-0130-3e42-1231390fcc11", "created_at": "2013-12-20t05:25:02.000z", "percent_complete": 100, "short_code": "kktb4q", "metadata": { }, "state": "published", "recorded_from": "http://singwho.com", "publish_type": null, "formats": [ { "name...
Read more

javascript - How to Hide Date Menu from Datepicker in yii2 -

-
basically in datetimepicker widget date choose first time, how can hide date option widget , filter according time. tried not working want hide remove button [ 'attribute'=>'time', 'label'=>'time', 'format'=>'raw', 'value'=>function($data){ return date('h:i:s',strtotime($data->time)); }, 'filter'=> datetimepicker::widget([ 'model' => $searchmodel, 'attribute' => 'time', 'clientoptions' => [ 'autoclose' => true, 'format' => 'hh:ii', 'showon' =...
Read more