Open BillyBolton opened 1 year ago
Hello @BillyBolton it s working for me with the following configuration : http.apply(AadResourceServerHttpSecurityConfigurer.aadResourceServer()) .and() .authorizeHttpRequests((requests) -> requests .requestMatchers( "url to allow").permitAll() .anyRequest().authenticated()); // @formatter:on return http.build();
Hi @cheikh-diop , thanks for the response.
Your response is similar to the example that is not working for me, but excluding the other endpoint that I need have a specific Role/Permission/Scope for.
In my example, either both endpoints will be permitted or both will be blocked (when attempting different things).
Hi @BillyBolton thanks for using Spring Cloud Azure!
You can try to config a bean WebSecurityCustomizer
for path /api/docs/**
, see more from https://docs.spring.io/spring-security/reference/5.8/migration/servlet/config.html#_publish_a_websecuritycustomizer_bean
Query/Question Note: I have also asked this question on StackOverflow here
I would like to use SecurityFilters instead of fine grain annotations for protecting a resource server's endpoints. However, it does not seem easily possible to add a whitelist to some of these endpoints doing so. Either both will be blocked or both will be permitted.
I'm wondering what I may be doing wrong with the following example:
Gradle dependencies:
application.properties
Example AadOAuth2ResourceServerSecurityConfig
Why is this not a Bug or a feature Request? This is a request for support from Azure developers.
Setup (please complete the following information if applicable):
Note: this seems old for Spring Boot 3.+ https://github.com/Azure-Samples/azure-spring-boot-samples/blob/main/aad/spring-cloud-azure-starter-active-directory/aad-resource-server-by-filter/src/main/java/com/azure/spring/sample/aad/security/WebSecurityConfig.java
However, I've followed the documentation here: https://learn.microsoft.com/en-us/azure/developer/java/spring-framework/secure-your-restful-api-using-spring-cloud-azure
Information Checklist