How to do custom security configuration for Spring boot applications ?
In a Spring boot app the default security configuration can be found in this class- SpringBootWebSecurityConfiguration. If you want to do any custom Spring security configuration for your applications then create your own class like below and copy paste the defaultSecurityFilterChain() method from the same class, you can rename this method as well :
@Configuration
public class MySecurityConfig {
@Bean
SecurityFilterChain myCustomSecurityFilterChain(HttpSecurity http) throws Exception {
http.authorizeRequests()
//.anyRequest().authenticated(); //default
//.anyRequest().denyAll();
//.anyRequest().permitAll();
.antMatchers("/test").authenticated()
.antMatchers("/test2").permitAll();
http.formLogin();
http.httpBasic();
return http.build();
}
}
In the above example
//default : is the line of code that is present by default.
//denyAll() : It will not allow any requests to pass through.
permitAll(): Will permit the given urls.
authenticated(): Will ask for the authentication.