I want to enable the use of "ROLE_ANONYMOUS" to allow anonymous access to some URLs in my app. And I used the below configuration.
@Overr
As Faraj Farook wrote, you have to permit access to your login page URL. You commented the relevant line out:
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .anonymous()
                .authorities("ROLE_ANONYMOUS")
                .and()
            .headers()
                .cacheControl()
                .and()
            .authorizeRequests()
                .antMatchers("/").permitAll()
                .antMatchers("/profile/image").permitAll()
                .antMatchers("/favicon.ico").permitAll()
                .antMatchers("/resources/**").permitAll()
                // the login page URL must be reachable without authentication
                .antMatchers(HttpMethod.GET, "/login/**").permitAll()
                .anyRequest().authenticated();
    }
But if you prefer not to use permitAll(), you could use hasAuthority("ROLE_ANONYMOUS"). In this case you don't need to annotate your method with @Secured( value={"ROLE_ANONYMOUS"}).
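The two options from the answer side by side, as an added example that is not part of the original answer. It assumes Spring Security 5.x with `WebSecurityConfigurerAdapter`, as used on this page; the class name `AnonymousAccessConfig` is hypothetical. The comments spell out the practical difference: `permitAll()` lets every caller through, while `hasAuthority("ROLE_ANONYMOUS")` matches only requests that are not logged in.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

// Hypothetical class name; the paths are the ones used in the answer above.
@Configuration
@EnableWebSecurity
public class AnonymousAccessConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // Unauthenticated requests are represented by an
            // AnonymousAuthenticationToken carrying this authority.
            .anonymous()
                .authorities("ROLE_ANONYMOUS")
                .and()
            .authorizeRequests()
                // permitAll(): anonymous callers AND logged-in users may fetch
                // these, which is what static assets normally need.
                .antMatchers("/favicon.ico", "/resources/**").permitAll()
                // hasAuthority("ROLE_ANONYMOUS"): only callers whose
                // Authentication holds ROLE_ANONYMOUS are let in. A user who
                // has already logged in (for example with ROLE_USER) does not
                // hold it and is denied on this URL.
                .antMatchers(HttpMethod.GET, "/login/**").hasAuthority("ROLE_ANONYMOUS")
                // Everything else requires a real (non-anonymous) login.
                .anyRequest().authenticated();
    }
}
```

Rules are evaluated in declaration order, so the specific matchers have to stay above `anyRequest()`.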