BAEL-7005, Difference Between permitAll() and anonymous() in Spring Security

spring-boot-modules/spring-boot-security/src/main/java/com/baeldung/permitallanonymous/controller/EcommerceController.java

@@ -24,4 +24,6 @@ public class EcommerceController {
     public @ResponseBody String registerUser() {
         return "Register User";
     }
+
 }
+

spring-boot-modules/spring-boot-security/src/main/java/com/baeldung/permitallanonymous/filter/AuditInterceptor.java

@@ -0,0 +1,33 @@
+package com.baeldung.permitallanonymous.filter;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.security.authentication.AnonymousAuthenticationToken;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+public class AuditInterceptor extends OncePerRequestFilter {
+    private final Logger logger = LoggerFactory.getLogger(AuditInterceptor.class);
+
+    @Override
+    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
+            throws ServletException, IOException {
+
+        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+        if (authentication instanceof AnonymousAuthenticationToken) {
+            logger.info("Audit anonymous user");
+        }
+        if (authentication instanceof UsernamePasswordAuthenticationToken) {
+            logger.info("Audit registered user");
+        }
+        filterChain.doFilter(request, response);
+    }
+}

spring-boot-modules/spring-boot-security/src/main/java/com/baeldung/permitallanonymous/security/EcommerceWebSecurityConfig.java

@@ -1,5 +1,6 @@
 package com.baeldung.permitallanonymous.security;
 
+import com.baeldung.permitallanonymous.filter.AuditInterceptor;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@@ -10,6 +11,7 @@ import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.AnonymousAuthenticationFilter;
 
 @Configuration
 @EnableWebSecurity
@@ -23,9 +25,11 @@ public class EcommerceWebSecurityConfig {
 
         return new InMemoryUserDetailsManager(user);
     }
+
     @Bean
     public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
-        http.authorizeRequests()
+        http.addFilterAfter(new AuditInterceptor(), AnonymousAuthenticationFilter.class)
+                .authorizeRequests()
                 .antMatchers("/private/**").authenticated().and().httpBasic()
                 .and().authorizeRequests()
                 .antMatchers("/public/showProducts").permitAll()
@@ -38,4 +42,5 @@ public class EcommerceWebSecurityConfig {
     public BCryptPasswordEncoder passwordEncoder() {
         return new BCryptPasswordEncoder();
     }
-}
+
+}