I have one Jersey Rest web service which handles person account CRUD.
I have spring security+ oAuth2 to secure this api , what i am not able to configure is , i wanted to make anonymous of Account create method. i tried to configure intercept url but it does not work method level. so do i need to write separate class for this purpose or i can achieve without it.
Sample class code
public class AccountResource{
createAccount() --- I want this method to be accessed by Anonymous uers so they can create account without generating tokens.
updateAccount() --
findAccount() --
deleteAccont()--
}
Config code which makes secure all calls starting '/services/rest/**'
<http pattern="/services/rest/**" create-session="never"
entry-point-ref="oauthAuthenticationEntryPoint"
xmlns="http://www.springframework.org/schema/security">
<anonymous enabled="false" />
<intercept-url pattern="/services/rest/**" method="GET" access="ROLE_USER" />
<intercept-url pattern="/services/rest/**" method="POST" access="ROLE_USER" />
<intercept-url pattern="/services/rest/**" method="PUT" access="ROLE_USER" />
<intercept-url pattern="/services/rest/**" method="DELETE" access="ROLE_USER" />
<custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
<http-basic entry-point-ref="oauthAuthenticationEntryPoint" />
<access-denied-handler ref="oauthAccessDeniedHandler" />
</http>
How about changing the configuration for POST requests in your security config to:
<intercept-url pattern="/services/rest/**" access="permitAll" method="POST" />