Solved

Spring Boot Security, adding filters to different routes

Posted on 2016-08-08
Last Modified: 2016-08-08
I'm trying to put together a single application that contains both an API and an Admin interface using Spring Boot.

The idea is that all API endpoints will be accessible via domain.com/api/ and the admin interface under domain.com/admin/.

The Admin interface and the API need different types of authentication, so somehow in the Spring Security configuration I need to define a filter for routes starting with /api/ and define another route to be called for routes starting with /admin/.

This is my security config class, which I thought might work, but it doesn't.

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    AuthenticationFilter authenticationFilter;

    @Autowired
    AdminAuthenticationFilter adminAuthenticationFilter;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable()
                .authorizeRequests()

                // Allow anonymous visitors to auth controller methods
                .antMatchers("/admin/auth/**").permitAll()

                .antMatchers("/admin/**").authenticated().addFilterBefore(adminAuthenticationFilter, UsernamePasswordAuthenticationFilter.class)
                .antMatchers("/api/**").authenticated().addFilterBefore(authenticationFilter, UsernamePasswordAuthenticationFilter.class)

                // All other requests need to be authenticated
                .anyRequest().authenticated();

        http.exceptionHandling().accessDeniedPage("/auth/403");
    }

}

Question by:SheppardDigital

Accepted Solution

by:
SheppardDigital earned 0 total points
ID: 41747175
I managed to resolve this myself.

http.authorizeRequests().antMatchers("/admin/auth/**").permitAll();
http.authorizeRequests().antMatchers("/admin/**").authenticated().and().addFilterBefore(adminAuthFilter, UsernamePasswordAuthenticationFilter.class);

http.authorizeRequests().antMatchers("/api/auth/**").permitAll();
http.authorizeRequests().antMatchers("/api/**").authenticated().and().addFilterBefore(apiAuthFilter, UsernamePasswordAuthenticationFilter.class);


Author Closing Comment

by:SheppardDigital
ID: 41747176
Self resolved