How to secure specific URL with filter?

409 Views Asked by ngi At 20 October 2024 at 05:33

I want to secure only few specific endpoints and if any request comes to secured endpoint I want to apply filter on that.
This is what I have tried as of now:

http
    .csrf().disable()
    .addFilterAfter((Filter) MyFilter, UsernamePasswordAuthenticationFilter.class)
    .authorizeRequests()
          .antMatchers("/api/users").permitAll()
          .anyRequest().authenticated();

I am expecting that it should secure only /api/users and if any request comes to this secured endpoint, then it should go through the filter. But right now each request is going through the filter.
Please suggest what is the right way to do this.

Original Q&A

There are 1 best solutions below

Marcus Hert da Coregio On 21 December 2022 at 13:47 BEST ANSWER

Create a RequestMatcher in your Filter and make it only apply to requests that match.

public class MyFilter implements Filter {

  private RequestMatcher requestMatcher = new AntPathRequestMatcher("/api/users");

  @Override
  public void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain) {
      if (!this.requestMatcher.matches(request)) {
        // the request do not match, do nothing but continue the filter chain
        chain.doFilter(request, response);
        return;
      }
      // do the filter logic
  }

}

How to secure specific URL with filter?

There are 1 best solutions below

Related Questions in SPRING-BOOT

Related Questions in SPRING-SECURITY

Related Questions in SPRING-BOOT-SECURITY

Trending Questions

Popular # Hahtags

Popular Questions