I want to permit access to all of my pages and put authentication each page at a time, but I can't even permit access to all my pages. My SecurityConfig is as below (I got this peace of code at spring.io):
@Configuration
public class SecurityConfig {
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http.authorizeHttpRequests((authz) -> authz
.requestMatchers("/*").permitAll()
);
return http.build();
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
}
Once I try to access any endpoint, I get a login screen:
I can't get it to work. Why is it asking authentication to all endpoints of my application? Shouldn't this be enough to permit access to everything?
package com.servicestcg.servicestcg;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.ComponentScan;
import com.servicestcg.servicestcg.controller.CartasController;
@SpringBootApplication
@ComponentScan(basePackageClasses = CartasController.class)
public class ServicesTcgApplication {
public static void main(String[] args) {
SpringApplication.run(ServicesTcgApplication.class, args);
}
}
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>3.0.0</version>
<relativePath /> <!-- lookup parent from repository -->
</parent>
<groupId>com.services-tcg</groupId>
<artifactId>services-tcg</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>services-tcg</name>
<description>Services for tcg website</description>
<properties>
<java.version>17</java.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-jdbc</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-jpa</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-jdbc</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-actuator</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-devtools</artifactId>
<scope>runtime</scope>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.postgresql</groupId>
<artifactId>postgresql</artifactId>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
<configuration>
<executable>true</executable>
<fork>true</fork>
<addResources>true</addResources>
</configuration>
</plugin>
</plugins>
</build>
</project>
With Spring Security, the sigle "all" is exprimed with "**".
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http.authorizeHttpRequests(authorization -> authorization
.requestMatchers("/**").permitAll()
);
return http.build();
}
You may encounter another problem with
@SpringBootApplication
@ComponentScan(basePackageClasses = CartasController.class)
public class ServicesTcgApplication {
public static void main(String[] args) {
SpringApplication.run(ServicesTcgApplication.class, args);
}
}
Unless you know what you're doing, you should let spring handle the package scanning for you.
@SpringBootApplication
public class ServicesTcgApplication {
public static void main(String[] args) {
SpringApplication.run(ServicesTcgApplication.class, args);
}
}
More information on Spring Security on https://docs.spring.io/spring-security/reference/index.html