Spring security authorize request for url & method using HttpSecurity

Question

Is there any way to authorize post request to a specific url using org.springframework.security.config.annotation.web.builders.HttpSecurity ?

I\'m usin

Answer 1

I know this question is a bit old but I don't believe disabling csrf support is an acceptable answer. I had this same problem but don't feel good able using csrf.disable(). Instead I added the following line at the bottom of the page inside the form tags.

<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}" />

Answer 2

Just Mention the path you need to remove Authentication like this

    http
       .httpBasic().and()
       .authorizeRequests()
       .antMatchers("/employees" , "/employees/**")
       .permitAll().anyRequest().authenticated()
       .and().csrf().disable()

Answer 3

Take a look here https://github.com/spring-projects/spring-data-examples/tree/master/rest/security which has

http
  .httpBasic().and()
  .authorizeRequests()
    .antMatchers(HttpMethod.POST, "/employees").hasRole("ADMIN")
    .antMatchers(HttpMethod.PUT, "/employees/**").hasRole("ADMIN")
    .antMatchers(HttpMethod.PATCH, "/employees/**").hasRole("ADMIN");