Spring webSecurity.ignoring() doesn't ignore custom filter

Question

I have a set a custom authentication filter in my Spring 4 MVC + Security + Boot project. The filter does it\'s job well and now I want to disable the security for some URI

Answer 1

I had the correct configuration to ignore some context path in the web security configuration as below..

@Override
public void configure(WebSecurity web) throws Exception {
    web.ignoring().antMatchers("/v1/api1").antMatchers("/v1/api2");
}

But I mistakenly had added @PreAuthorize(...) on my controller method and it seems like that method level security was overriding any security configuration set up at the start.