Spring Web Security Config - Ignore CSRF Validation for either or

I have certain conditions to ignore csrf validations but I am not sure how to put this in config. Following are my conditions to ignore the validation:

Has a Bearer token in the authorization.

Particular URL

Here is the config I have now:

security.csrf().ignoringRequestMatchers(new RequestHeaderRequestMatcher("Authorization")).ignoringAntMatchers("/test").and();

But with this config, I guess it is treating it like an AND operation or something. How can I change this?

Solution

Try the OrRequestMatcher.

security.csrf()
       .ignoringRequestMatchers(new OrRequestMatcher(new RequestHeaderRequestMatcher("Authorization"), new AntPathRequestMatcher("/test")));

Load Multiple CSV files into database using Spring Batch
Spring Boot i18n resolution
How to configure Azure Application Insight for a Java Spring Boot in a Pod in Azure AKS
Spring @Async with CompletableFuture
Authentication for many user types in spring boot project
Possible to access HealthIndicator methods as endpoints?
org.springframework.dao.OptimisticLockingFailureException: Attempt to update step execution id=1 with wrong version (2), where current version is 3
Issue: FileNotFoundException for AppConfig.xml in Spring Project
Custom Spring annotation for request parameters
Spring Boot Upload Multipart 413 Request Entity Too Large
Spring Batch - Deleting metadata post job completion throws error - Incorrect result size: expected 1, actual 0
How to prevent spring boot from auto creating instance of bean 'entityManagerFactory' at startup?
Spring Integration webflux fails for every other calls
Spring @ExceptionHandler handling multiple kinds of exceptions
Configuring Hazelcast via Spring Boot application.yml
Failed to configure a DataSource: 'url' attribute is not specified and no embedded datasource could be configured
Programmatically restart Spring Boot application / Refresh Spring Context
Generating JWT token with JwtUtil class in Spring Boot resulting in NullPointerException
How can I get an ObjectMapper instance in Spring Boot without inheriting from spring-boot-starter-web?
How to query elasticsearch from spring with LocalDate
After Spring Boot 3 update: Manually authenticating user not working
Multiple user details services for different endpoints
openapi-generator generates correct code, but incorrect documentation annotations in Spring Boot project
Spring Boot redirection back to login page
Customize Global Exception Handler in java Spring Boot
Spring Boot Page Deserialization - PageImpl No constructor
Exclude specific resource page(s) from Cross-Origin-Resource-Policy same-origin header in Spring WebSecurityConfigurerAdapter
Custom @ControllerAdvice in Spring for exception handling
Spring @Controller exception handler and global exception handler. How to invoke both
How to handle MethodArgumentTypeMismatchException and set a custom error message in spring boot?