I have implemented spring ResourceServer and trying to exempt register url from spring security.
I tried to configure WebSecurityConfigurerAdapter but either it doesn't exempt register url
or other url start throwing 403 Access Denied except register url.
@Configuration
@Order(1)
public class Configure extends WebSecurityConfigurerAdapter{
@Override
public void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/register").permitAll().anyRequest().fullyAuthenticated();
}
}
@SpringBootApplication
@EnableResourceServer
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class ResourceServerApplication {
public static void main(String[] args) {
SpringApplication.run(ResourceServerApplication.class, args);
}
}
@RestController
@RequestMapping()
public class UserController {
@GetMapping("/register")
public String register() {
return "Success";
}
@GetMapping("/user/me")
@PreAuthorize("hasAuthority('read_profile')")
public Principal user(Principal principal) {
return principal;
}
}
I am not sure what I missed, please guide me.
question from:
https://stackoverflow.com/questions/65889908/permit-a-url-in-spring-resourceserver 与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…