I have a simple java application with login. It has a SecurityConfig class which extends WebSecurityConfigurerAdapter. And I have implemented couple of methods there
void configure(WebSecurity web)
void configure(HttpSecurity http)
In the configure(WebSecurity web) method, i'm ignoring authentication for certain URL's
public void configure(WebSecurity web) throws Exception {
web
.ignoring()
.antMatchers(HttpMethod.POST, "/examplePattern");
}
I have some service endpoints in this project.Now I need to white-list a certain ip (which I have as a string array), which should be able to access only a specific endpoint. This is because all the calls to the endpoints go through the user login authentication.
Basically what I need is, if a certain endpoint is called from a specific IP, the request should reach the controller,without authenticating
I'm quite new to this area, so if you have a solution for this problem, please let me know.
Thanks in advance
You will require IP address based authentication provider as follows :
@Service
public class IPAddressBasedAuthenticationProvider implements AuthenticationProvider {
@Autowired
private HttpServletRequest request;
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
String ipAddress = request.getRemoteAddr();
// Check against your array.
//return created authentication object (if user provided valid credentials)
}
}
I hope this helps.