#StackBounty: #spring #spring-boot #spring-security Apply HttpSecurity for GET request

Bounty: 100

I have this rest endpoint:

public class DataPagesController {

    public ResponseEntity<?> page() {

        List<String> list = new ArrayList<>();

        list.add("test 1");
        list.add("test 2");
        list.add("test 3");
        list.add("test 4");

        return new ResponseEntity<>(list, HttpStatus.OK);

I have configured context path prefix into the project using:

    port: 8080
        context-path: /engine

I want to restrict the access using:

protected void configure(HttpSecurity http) throws Exception {
        // Allow GET for dashboard page
        .authorizeRequests().antMatchers(HttpMethod.GET, "/data/page").authenticated()

        // Allow all requests by logged in users

But I get error:

GET http://localhost:8080/engine/data/page 401

Do you know what is the proper way to configure endpoint permissions for GET request?

One possible idea:

 Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS
19:12:37.834 [http-nio-8080-exec-8] DEBUG AffirmativeBased[decide:66] - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@659a59ae, returned: -1
19:12:37.834 [http-nio-8080-exec-8] DEBUG ExceptionTranslationFilter[handleSpringSecurityException:180] - Access is denied (user is anonymous); redirecting to authentication entry point

I need to remove maybe .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

Get this bounty!!!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.