context: I added a role admin to certain endpoints, and now, I need the role client, to call the other endpoints that don't require the admin role.
my question is : is it possible to call the endpoints that dont need the admin role with no role ?
is my question clear ? thanks in advance !
You could let some endpoints to require no authorization/authentication like this
@Override
protected void configure(HttpSecurity http) throws Exception {
http.cors().and().csrf().disable().authorizeRequests()
.antMatchers("/endpoint1","/endpoint2").permitAll();
}
in WebSecurityConfigurerAdapter class.