Spring security: In 3.1, bypass security filter for only 'GET' requests

I found a way to get around the problem: using Expression-Based Access Control, I used access="permitAll", which configures authorization without disabling filters.

<!-- Just un-comment any resource if you don't want
     authentication to be done on them -->
<http pattern="/base/version" security="none"/>

<!-- Secure resources -->
<http create-session="stateless"
      entry-point-ref="tokenAuthenticationEntryPoint"
      use-expressions="true">
  <custom-filter position="PRE_AUTH_FILTER" ref="tokenAuthenticationFilter" />
  <intercept-url pattern="/v1/abc/**" method="GET" access="permitAll"/>
  <intercept-url pattern="/v1/abc/**" method="POST" access="hasRole('ROLE_USER')"/>
  <intercept-url pattern="/v1/abc/**" method="PUT" access="hasRole('ROLE_USER')"/>
  <intercept-url pattern="/v1/abc/**" method="DELETE" access="hasRole('ROLE_USER')"/>
  <intercept-url pattern="/**" access="hasRole('ROLE_USER')" />
</http>
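
An added example, not part of the original answer: a small Python check that resolves which `<http>` block and `intercept-url` rule apply to a given request under the configuration above, so the difference between `security="none"` (no filters at all) and `access="permitAll"` (filters still run) can be verified per method and path. The helper names `ant_to_regex` and `resolve` are hypothetical, the matcher is a simplified stand-in for Spring's Ant path matching, and the embedded config is a constructed copy of the one above.

```python
import re
import xml.etree.ElementTree as ET

# Constructed copy of the configuration above, wrapped in a root element for parsing.
CONFIG = """
<beans>
  <http pattern="/base/version" security="none"/>
  <http create-session="stateless" entry-point-ref="tokenAuthenticationEntryPoint"
        use-expressions="true">
    <custom-filter position="PRE_AUTH_FILTER" ref="tokenAuthenticationFilter"/>
    <intercept-url pattern="/v1/abc/**" method="GET" access="permitAll"/>
    <intercept-url pattern="/v1/abc/**" method="POST" access="hasRole('ROLE_USER')"/>
    <intercept-url pattern="/v1/abc/**" method="PUT" access="hasRole('ROLE_USER')"/>
    <intercept-url pattern="/v1/abc/**" method="DELETE" access="hasRole('ROLE_USER')"/>
    <intercept-url pattern="/**" access="hasRole('ROLE_USER')"/>
  </http>
</beans>
"""

def ant_to_regex(pattern):
    """Simplified Ant-style matcher: '**' spans path segments, '*' stays within one."""
    tail = ""
    if pattern.endswith("/**"):          # '/v1/abc/**' also matches '/v1/abc' itself
        pattern, tail = pattern[:-3], "(/.*)?"
    body = "".join(
        ".*" if tok == "**" else "[^/]*" if tok == "*" else "[^/]" if tok == "?"
        else re.escape(tok)
        for tok in re.split(r"(\*\*|\*|\?)", pattern)
    )
    return re.compile("^" + body + tail + "$")

def resolve(config_xml, method, path):
    """Return (filters_run, access_expression) using first-match-wins ordering."""
    for http in ET.fromstring(config_xml).iter("http"):
        if not ant_to_regex(http.get("pattern", "/**")).match(path):
            continue
        if http.get("security") == "none":
            return (False, None)         # empty chain: token filter never runs
        for rule in http.iter("intercept-url"):
            if rule.get("method") not in (None, method):
                continue                 # rule is restricted to another HTTP method
            if ant_to_regex(rule.get("pattern")).match(path):
                return (True, rule.get("access"))
        return (True, None)              # chain matched, no rule applied
    return (False, None)
```

Methods with no rule of their own under `/v1/abc/**`, such as PATCH, fall through to the catch-all `/**` rule and still require `ROLE_USER`.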



