Sorry to cross this here and the old spring forums, but I didn’t get any answers and thought the original post might have been lost in the shuffle when the forums were disabled. Anyhoo ...
From the documentation, you can imitate several elements in the java configuration by extending the WebSecurityConfigurerAdapter several times. I did this and added a few custom filters to only one of them, but it’s strange that the filters seem to apply to all requests, not even to them. Here is an example of my configuration:
@Configuration
class ConfigA extends WebSecurityConfigurerAdapter {
public void configure(HttpSecurity http) {
http
.antMatcher("/foo")
.authorizeRequests()
.anyRequest().fullyAuthenticated()
.and()
.addFilterAfter(myFilter, BasicAuthFilter.class)
...
}
}
@Configuration
class ConfigB extends WebSecurityConfigurerAdapter {
public void configure(HttpSecurity http) {
http
.antMatcher("/bar")
.authorizeRequests()
.anyRequest().fullyAuthenticated()
.and()
...
}
}
What am I missing? Is it that this filter applies to both / all queries? Is the filter supposed to determine which queries it should apply to?
Thanks Justin