Disable spring security for POST method

Question

I have a spring security configuration like follows.

http.authorizeRequests().antMatchers("/css/**").permitAll().and().authorizeRequests().antMatchers("/imgs/**").permitAll().anyRequest()
    .fullyAuthenticated().and()
    //.csrf().disable().authorizeRequests().antMatchers(HttpMethod.POST, "/updatepass/**").permitAll().anyRequest().fullyAuthenticated().and()
    .formLogin().loginPage("/login")
    .failureUrl("/login?error=401").permitAll().and()
    //.csrf().ignoringAntMatchers("/updatepass").and()
    .logout().permitAll().and().csrf().disable()
    .authorizeRequests().antMatchers("/register").hasRole("ADMIN").and()
    .authorizeRequests().antMatchers("/registeruser").hasRole("ADMIN");     

I want to allow /updatepass POST method allowed for any request even if it's not a autherized request. I tried the following commented configurations, but still it's throwing me login page.

My target POST URL to be opened for is an API which would recieve a JSON request. and the complete URL is /updatepass I tried adding /** nothing works. Please don't suggest XML Configuration. Only Java configuration please.

Answer 1

Try adding the overloaded method of configure(WebSecurity web) with following implementation.

public void configure(WebSecurity web)
               throws Exception {
     web.ignoring().antMatchers(HttpMethod.POST, "/updatepass/**");
}