BAEL-7005, Difference Between permitAll() and anonymous() in Spring Security

This commit is contained in:
parthiv39731 2023-09-19 09:49:03 -07:00
parent 0507b0417e
commit 5f018b3186
3 changed files with 42 additions and 2 deletions


@ -24,4 +24,6 @@ public class EcommerceController {
public @ResponseBody String registerUser() { public @ResponseBody String registerUser() {
return "Register User"; return "Register User";
} }
} }


@ -0,0 +1,33 @@
package com.baeldung.permitallanonymous.filter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.filter.OncePerRequestFilter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
public class AuditInterceptor extends OncePerRequestFilter {
private final Logger logger = LoggerFactory.getLogger(AuditInterceptor.class);
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
throws ServletException, IOException {
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
if (authentication instanceof AnonymousAuthenticationToken) {
logger.info("Audit anonymous user");
}
if (authentication instanceof UsernamePasswordAuthenticationToken) {
logger.info("Audit registered user");
}
filterChain.doFilter(request, response);
}
}
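Review bot: doFilterInternal writes nothing when `SecurityContextHolder.getContext().getAuthentication()` returns null, which is what an unauthenticated request on a permitAll() endpoint carries once anonymous() is disabled, so the requests this commit presumably wants to contrast would be absent from the audit log. A third branch such as `} else if (authentication == null) { logger.info("Audit request without authentication"); }` closes that gap, and turning the two independent `instanceof` checks into one if/else chain makes it explicit that each request produces exactly one audit line. The `UsernamePasswordAuthenticationToken` check only matches basic or form login; any other Authentication implementation falls through silently, so logging `authentication.getClass().getSimpleName()` together with `authentication.getName()` (never the credentials) would be more robust, though only httpBasic is visible in this commit. The logger is an instance field; `private static final Logger` is the usual form for a per-class logger.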


@ -1,5 +1,6 @@
package com.baeldung.permitallanonymous.security; package com.baeldung.permitallanonymous.security;
import com.baeldung.permitallanonymous.filter.AuditInterceptor;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@ -10,6 +11,7 @@ import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager; import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.AnonymousAuthenticationFilter;
@Configuration @Configuration
@EnableWebSecurity @EnableWebSecurity
@ -23,9 +25,11 @@ public class EcommerceWebSecurityConfig {
return new InMemoryUserDetailsManager(user); return new InMemoryUserDetailsManager(user);
} }
@Bean @Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http.authorizeRequests() http.addFilterAfter(new AuditInterceptor(), AnonymousAuthenticationFilter.class)
.authorizeRequests()
.antMatchers("/private/**").authenticated().and().httpBasic() .antMatchers("/private/**").authenticated().and().httpBasic()
.and().authorizeRequests() .and().authorizeRequests()
.antMatchers("/public/showProducts").permitAll() .antMatchers("/public/showProducts").permitAll()
@ -38,4 +42,5 @@ public class EcommerceWebSecurityConfig {
public BCryptPasswordEncoder passwordEncoder() { public BCryptPasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder(); return new BCryptPasswordEncoder();
} }
} }
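Review bot: The `http.addFilterAfter(new AuditInterceptor(), AnonymousAuthenticationFilter.class)` line in the filterChain hunk has no comment explaining the placement, which is the point of the change: the audit filter must run after AnonymousAuthenticationFilter so an unauthenticated request already holds its AnonymousAuthenticationToken, while a basic-auth request has presumably been populated earlier in the default order by the BasicAuthenticationFilter. I would add `// after AnonymousAuthenticationFilter so the audit sees either the anonymous token or the httpBasic principal`. The filterChain method continues outside the hunk, so it is not visible whether anonymous() is disabled anywhere in the chain; if it is, the audit filter sees a null Authentication for permitAll() requests, which deserves a mention in the same comment.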