anyRequest().permitAll()
/apis
antMatchers("/api/yourAPI").authenticated()
( antMatchers("/api/yourAPI").hasAuthority(AuthoritiesConstants.ADMIN)
(admin )),
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private UserDetailsService userDetailsService;
@Bean
public BCryptPasswordEncoder bCryptPasswordEncoder() {
return new BCryptPasswordEncoder();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http .authorizeRequests()
.anyRequest().permitAll()
.antMatchers("/resources/**", "/registration", "/app.html").permitAll()
.antMatchers("/api/yourAPI").authenticated()
.and()
.formLogin()
.loginPage("/login")
.permitAll()
.and()
.logout()
.permitAll();
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(bCryptPasswordEncoder());
}
}