Solved

Spring Boot Security, adding filters to different routes

Posted on 2016-08-08
2
493 Views
Last Modified: 2016-08-08
I'm trying to put together a single application that contains both an API and an Admin interface using Spring Boot.

The idea is that all API endpoints will be accessible via domain.com/api/ and the admin interface under domain.com/admin/

The Admin interface and the API need different types of authentication, so somehow in the spring security configuration I need to define a filter for routes starting with /api/ and define another route to be called for routes starting /admin/

This is my security config class, which I thought might work, but it doesn't.

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    AuthenticationFilter authenticationFilter;

    @Autowired
    AdminAuthenticationFilter adminAuthenticationFilter;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable()
                .authorizeRequests()

                // Allow anonymous visitors to auth controller methods
                .antMatchers("/admin/auth/**").permitAll()

                .antMatchers("/admin/**").authenticated().addFilterBefore(adminAuthenticationFilter, UsernamePasswordAuthenticationFilter.class)
                .antMatchers("/api/**").authenticated().addFilterBefore(authenticationFilter, UsernamePasswordAuthenticationFilter.class)

                // All other request need to be authenticated
                .anyRequest().authenticated();

        http.exceptionHandling().accessDeniedPage("/auth/403");
    }

}

Open in new window

0
Comment
Question by:SheppardDigital
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
2 Comments
 

Accepted Solution

by:
SheppardDigital earned 0 total points
ID: 41747175
I managed to resolve this myself.

http.authorizeRequests().antMatchers("/admin/auth/**").permitAll();
        http.authorizeRequests().antMatchers("/admin/**").authenticated().and().addFilterBefore(adminAuthFilter, UsernamePasswordAuthenticationFilter.class);

        http.authorizeRequests().antMatchers("/api/auth/**").permitAll();
        http.authorizeRequests().antMatchers("/api/**").authenticated().and().addFilterBefore(apiAuthFilter, UsernamePasswordAuthenticationFilter.class);

Open in new window

0
 

Author Closing Comment

by:SheppardDigital
ID: 41747176
Self resolved
0

Featured Post

Revamp Your Training Process

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Java contains several comparison operators (e.g., <, <=, >, >=, ==, !=) that allow you to compare primitive values. However, these operators cannot be used to compare the contents of objects. Interface Comparable is used to allow objects of a cl…
Java Flight Recorder and Java Mission Control together create a complete tool chain to continuously collect low level and detailed runtime information enabling after-the-fact incident analysis. Java Flight Recorder is a profiling and event collectio…
Viewers learn about the “for” loop and how it works in Java. By comparing it to the while loop learned before, viewers can make the transition easily. You will learn about the formatting of the for loop as we write a program that prints even numbers…
Viewers will learn about the different types of variables in Java and how to declare them. Decide the type of variable desired: Put the keyword corresponding to the type of variable in front of the variable name: Use the equal sign to assign a v…

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question