Spring Security exclude URL on custom filter

Question

@SuppressWarnings(\"SpringJavaAutowiringInspection\")
@Configuration
@EnableWebSecurity
public class WebSecurityConfig exten         


        

Answer 1

You can disable the Spring Security filter chain for some URLs, see WebSecurity#ignoring:

Allows adding RequestMatcher instances that should that Spring Security should ignore. Web Security provided by Spring Security (including the SecurityContext) will not be available on HttpServletRequest that match. Typically the requests that are registered should be that of only static resources. For requests that are dynamic, consider mapping the request to allow all users instead.

Example Usage:

webSecurityBuilder.ignoring()
// ignore all URLs that start with /resources/ or /static/
           .antMatchers("/resources/**", "/static/**");

Therefore, you can override WebSecurityConfigurerAdapter#configure:

Override this method to configure WebSecurity. For example, if you wish to ignore certain requests.