Spring security how to set a intercept-url for all pages except login page shortly

Home / java / Spring security how to set a intercept-url for all pages except login page shortly

Question:
Well this is the first time i work with spring security and i wonder if there is short way to configure every page without a common pattern like:
and having to map every controller with the value/welcome/controller.

I know that with /** pattern i can secure all the pages but the resources and controller that response to some entry input gets the 403 error too.

My frontend is programmed by html and javascript i cant not use jstl and the configuration is with xml files.


Answer:
This might be help full
@Configuration
@EnableWebSecurity
public class WebSecConfig extends WebSecurityConfigurerAdapter {
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/login");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable();
http
.authorizeRequests()
.antMatchers("/**").hasRole("USER")
.and().formLogin().permitAll();
}
@Autowired
public void ConfigGlobal(AuthenticationManagerBuilder auth) throws Exception{
auth.inMemoryAuthentication().withUser("username").password("password").roles("USER");
}
}
Read more

Leave a Reply

Your email address will not be published. Required fields are marked *