0

Application is based on Spring Boot and provides a web confgiuration gui. By default, if a user is not authorized, he gets redirected to /login an gets redirected to the desired page on successful authorization.

Now I need to provide an API endpoint for intergration of a different software /cid.

I want to disable redirect to /login for this specific /cid/ endpoint but still require basic autorization header.

Right now I have the following and I understant this config as: "prevent all requests and redirect them to /login except /cid and all children of /js/ and /css/." and it seems that I am wrong.

http.authorizeRequests()
            .antMatchers("/cid", "/js/**", "/css/**").permitAll()
            .anyRequest().authenticated()
            .and()
        .formLogin()
            .loginPage("/login")
            .defaultSuccessUrl("/")
            .permitAll()
            .and()
        .logout()
            .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
            .logoutSuccessUrl("/login");

How to configure Spring Security to "require authorization for /cid, require authorization and redirect to /login everything else"?

I really got lost in documentation of Spring.

CorellianAle
  • 645
  • 8
  • 16
  • 1
    you implement a custom `ServerAuthenticationSuccessHandler`and set it using `authenticationSuccessHandler` and no i dont have a code example. – Toerktumlare Aug 02 '21 at 11:24
  • Does this answer your question? [Spring REST security - Secure different URLs differently](https://stackoverflow.com/questions/33037559/spring-rest-security-secure-different-urls-differently) – Eleftheria Stein-Kousathana Aug 10 '21 at 09:19

0 Answers0