vendredi 23 août 2019

Spring security do not apply filter to health check

I need to allow a health check api to be available without JWT authentication. Way it is setup is below.

Adding intercept-url for pattern '/health' will not work as filters are called before intercept.

How can i make this security apply only when pattern is not '/health'.

<security:http entry-point-ref="apiAuthenticationEntryPoint"
               authentication-manager-ref="authenticationManager"
               create-session="never" >
    <security:intercept-url pattern="/health" access="permitAll"/>
    <security:custom-filter ref="apiAuthenticationFilter"
                            position="PRE_AUTH_FILTER"/>
    <security:access-denied-handler ref="accessDeniedHandler"/>
</security:http>

<security:global-method-security jsr250-annotations="enabled"
                                 secured-annotations="enabled"
                                 pre-post-annotations="enabled"/>

<security:authentication-manager id="authenticationManager">
    <security:authentication-provider ref="accessTokenAuthenticationProvider"/>
    <security:authentication-provider ref="jwtAuthenticationProvider"/>
</security:authentication-manager>



Publié par à
Libellés :

Aucun commentaire:

Enregistrer un commentaire

Inscription à : Publier les commentaires (Atom)