I have a spring security config class where I'd want to allow a GET request endpoint /api/check/status?appId=12345 in my spring boot MVC then have all others include authentication measures.
This is part of my config public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
http
//Authenticate HTTP endpoints
.authorizeHttpRequests(authorize -> authorize
.requestMatchers(AntPathRequestMatcher.antMatcher("/api/check/status?appId=**")).permitAll()
.anyRequest().authenticated()
)
//Sessions should be stateless
.sessionManagement(smc -> smc
.sessionCreationPolicy(SessionCreationPolicy.STATELESS
)
I with this, still asks for authentication. Can't figure how to get it allowed without auth. Anyone assist
I was able to fix the challenge, as below. Now works as expected.
.authorizeHttpRequests(authorize -> authorize
.requestMatchers(antMatcher("/api/check/status")).permitAll()
.anyRequest().authenticated()
)