Trying to switch the security off for one URL with XML configuration

Question

I checked several blogs / doc / stackoverflow forum entries but I still don\'t know what I am doing wrong.
I want to give access to an URL to anybody. The perm

Answer 1

It s a bug/missing feature in Spring Boot/Spring Security, see

• Security filters in xml are automatically registered out of the FilterChainProxy
• SEC-2723: Add meta-data to bean definitions of Spring Security Filter beans identifying them as "inner"

Some work-arounds are possible, one is to use Java configuration instead of XML configuration.

Answer 2

<security:intercept-url pattern="/**" access="denyAll" /> 

will not allow access to any resource irrespective of what ever sub pattern you define for other resources.

Change your pattern to somthing like

<security:intercept-url pattern="/secure/**" access="denyAll" /> /*add an extra folder and shift the resources there */ 

and

<security:intercept-url pattern="/**" access="permitAll()" />