What is the equivalent of the method attribute of <intercept-url> in JavaConfig?


I'm trying to secure certain parts of a REST service using Spring Security 3.2 using JavaConfig and no XML. In particular I would like to limit access to an endpoint to be anonymous for a POST operation, and for all other operations to default to the rest of my configuration.

I've checked the Spring Security API docs and their reference documentation, however, I'm not seeing anything that does the equivalent of restricting an access check based on the HTTP method. For example, in XML you can do something like:

<intercept-url pattern="/users/**" method='POST' />

But I see nothing similar in the JavaConfig builders. Is it possible to do this without XML?

Thanks!

Edited 5/20/2014: Changing sample XML to only show the HTTP method.


Solution

  • You can do something like the following:

    .antMatchers(HttpMethod.POST, "/users/**").access("hasRole('ROLE_ADMIN')")
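
The method-specific matcher placed in a complete Spring Security 3.2 JavaConfig class, as an added example that is not part of the original answer. The class name `RestSecurityConfig`, the `permitAll()` rule for POST, and the HTTP Basic setup are assumptions for illustration; the `/users/**` pattern and the `ROLE_ADMIN` expression come from the question and answer.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

// Hypothetical configuration class (name and rule set are assumptions).
@Configuration
@EnableWebSecurity
public class RestSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                // Rules are checked in declaration order and the first match wins,
                // so the HTTP-method-specific rule must come before the broader one.
                // If the two /users/** lines were swapped, POST would require ROLE_ADMIN too.
                .antMatchers(HttpMethod.POST, "/users/**").permitAll()
                // All other methods on /users/** (GET, PUT, DELETE, ...) land here.
                .antMatchers("/users/**").access("hasRole('ROLE_ADMIN')")
                // Default for the rest of the application.
                .anyRequest().authenticated()
                .and()
            .httpBasic();

        // CSRF protection is on by default with Java configuration and applies to POST.
        // The CSRF filter runs before the authorization rules, so an anonymous POST
        // without a valid token is rejected with 403 even though permitAll() matches.
        // Decide deliberately how the REST clients obtain a token, or whether the
        // service is stateless enough to justify http.csrf().disable().
    }
}
```

A rule with no `HttpMethod` argument matches every method, which is why the unrestricted POST rule has to be listed first rather than relying on the narrower pattern to take precedence.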