Hi there,
I'm trying to secure specific endpoints using Spring Security SAML. I have created a custom class which extends ServiceProviderConfigurerAdapter which uses:

```java
@Override
public void configure(HttpSecurity http) throws Exception {
    http
        .authorizeRequests()
            // Require authentication only under /api/secured/**
            .antMatchers("/api/secured/**").authenticated()
            // Leave every other request open
            .anyRequest().permitAll()
            .and()
        .csrf().disable();
}
```

But the problem is, any request has to be authenticated. I think this is because of the static class SAMLWebSecurityConfigurer which does by default:

```java
http
    .authorizeRequests()
    .anyRequest()
    .authenticated();
```

I think it would be better to let users define which requests should be authenticated and which should not. What do you think?
Cheers, Dom