Spring Security permitAll() not allowing anonymous access

Question

I have a single method that I want to allow both anonymous and authenticated access to.

I am using Spring Security 3.2.4 with java based configuration.

The o

Answer 1

The permission order is important, it works when I configure it like this:

.authorizeRequests()
        .antMatchers("/ping**")
        .permitAll()
        .and()
.authorizeRequests()
        .anyRequest()
        .authenticated()
        .and()