How to make a particular API public and rest private (needs authentication) in springboot

61 Views Asked by Adarsh Gupta At 15 January 2024 at 07:31

I have 3 API endpoints all having GET, POST & DELETE functions, 3 are secured using spring boot security,

/api/travel
/api/employees
/api/assoc

I want /api/employees's POST to be publicly accessible, because it's my Sign-up logic as obviously the user doesn't have to sign in to sign up.

Below is the Config file's filter snipppet thats not working:

@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity security) throws Exception{
        return security.csrf(csrf->csrf.disable())
                .authorizeHttpRequests(authorize -> authorize
                        .requestMatchers(HttpMethod.POST, "/api/employees").permitAll()
                        .anyRequest().authenticated()
                )
                .httpBasic(Customizer.withDefaults())
                .build();
    }

I tried POSTing the body as Json in Postman to /api/employees with no authorisation header, but it is giving me 401 unauthorised.

Original Q&A

There are 1 best solutions below

Mateusz On 17 January 2024 at 09:32

Try option with extends YOUR_CLASS with WebSecurityConfigurerAdapter, after that override method

protected void configure(HttpSecurity http) throws Exception {}

in this method you can put your code inside, remeber YOUR_CLASS should be annotated with:

@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class YOUR_CLASS

How to make a particular API public and rest private (needs authentication) in springboot

There are 1 best solutions below

Related Questions in JAVA

Related Questions in SPRING-BOOT

Related Questions in SPRING-BOOT-SECURITY

Trending Questions

Popular # Hahtags

Popular Questions