I get error: This is because there is more than one mappable servlet in your servlet context: {org.h2.server.web.JakartaWebServlet=[/h2-console/*]
Tried everything and it doesn't work, currently have it like this
@Bean
public WebSecurityCustomizer webSecurityCustomizer() {
return (web) -> web.ignoring().requestMatchers(new AntPathRequestMatcher("/h2-console/**"));
}
@Bean
@DependsOn("webSecurityCustomizer")
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
http.csrf().disable()
.authorizeHttpRequests((requests) -> requests
.requestMatchers("/", "/login").permitAll()
.requestMatchers("/students", "/students/**").hasRole("ADMIN")
.anyRequest().authenticated()
)
.formLogin()
.failureUrl("/login?error=BadCredentials")
.defaultSuccessUrl("/students", true)
.and()
.logout()
.logoutUrl("/logout")
.clearAuthentication(true)
.invalidateHttpSession(true)
.deleteCookies("JSESSIONID")
.logoutSuccessUrl("/")
.and()
.authenticationProvider(authenticationProvider());
return http.build();
}
Only way i can get it to work if i simply put:
http.authorizeHttpRequests().anyRequest().permitAll();
Looks like you are trying to use @DependsOn("webSecurityCustomizer") to ensure that the webSecurityCustomizer bean is initialized before the SecurityFilterChain. The ignoring() method is not directly available on web in the context of WebSecurityCustomizer so you are not able to get it to run.
Instead you can simply define the .ignoring() context in the security filter chain where we use it on the instance of HttpSecurity, which looks something like this.