/api-url has an empty filter list in Spring Boot Security

Question

A Spring Boot app with REST services has to allow public access to certain services, while restricting other services to only authorized users. When a configure(WebSe

Answer 1

I think what you have done is made the /error view a protected resource. Either open it up or stop using @EnableWebSecurity (it switches off some stuff that spring boot would have done for you otherwise).

Answer 2

This is what i have where i restrict some URLs and some are public

 @Override
        public void configure(HttpSecurity http) throws Exception {
            http.csrf().disable()
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
                .authorizeRequests() 
                .antMatchers(actuatorEndpoints()).hasRole(userConfig.getAdminRole())
                .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
                .antMatchers("/signup",
                             "/payment/confirm",
                             "/api/address/zipcodes/**",
                             "/user/password/reset",
                             "/user/password/change",
                             "/user/email/verify",
                             "/password/update",
                             "/email/verify",
                             "/new-products/**").permitAll()
                .antMatchers("/api/**", "/files/**").authenticated();
        }