Spring - Http Basic Auth - Mark endpoint as public

Question

I am using spring for providing basic http authentication. For this I am simply setting user and password in the application.properies:

However, I would like to expose an endpoint/or a static file as public (no authentication required for this). Is there a simple way to do this?

I find the spring documentation quite hard to search so any tips would be appreciated.

Answer 1

You can use a method to configure the endpoints on your application:

protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
            .antMatchers("/", "/public/**").permitAll()
            .antMatchers("/users/**").hasAuthority("ADMIN")
            .anyRequest().fullyAuthenticated()
            .and()
            .formLogin()
            .loginPage("/login")
            .failureUrl("/login?error")
            .usernameParameter("email")
            .permitAll()
            .and()
            .logout()
            .logoutUrl("/logout")
            .deleteCookies("remember-me")
            .logoutSuccessUrl("/")
            .permitAll()
            .and()
            .rememberMe();
}

The complete example can be found here: https://github.com/bkielczewski/example-spring-boot-security