BAEL-7005, Difference Between permitAll() and anonymous() in Spring Security

parthiv39731 2023-09-19 09:49:03 -07:00
parent 0507b0417e
commit 5f018b3186
3 changed files with 42 additions and 2 deletions


@ -24,4 +24,6 @@ public class EcommerceController {
public @ResponseBody String registerUser() {
return "Register User";
}
}


@ -0,0 +1,33 @@
package com.baeldung.permitallanonymous.filter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.filter.OncePerRequestFilter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
public class AuditInterceptor extends OncePerRequestFilter {
private final Logger logger = LoggerFactory.getLogger(AuditInterceptor.class);
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
throws ServletException, IOException {
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
if (authentication instanceof AnonymousAuthenticationToken) {
logger.info("Audit anonymous user");
}
if (authentication instanceof UsernamePasswordAuthenticationToken) {
logger.info("Audit registered user");
}
filterChain.doFilter(request, response);
}
}
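Review bot: In `doFilterInternal` the two `instanceof` checks leave a silent gap: a null `Authentication`, or any token type other than the two named, passes through without an audit entry. Make the second check an `else if` and add a fallback such as `else { logger.warn("Audit unclassified authentication: {}", authentication == null ? "none" : authentication.getClass().getSimpleName()); }`. The two messages also carry no request context; passing `request.getMethod()` and `request.getRequestURI()` as SLF4J parameters would make each entry attributable to a request. The field `logger` also hides the `logger` inherited from `GenericFilterBean`; a `private static final Logger LOG` avoids the shadowing.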


@ -1,5 +1,6 @@
package com.baeldung.permitallanonymous.security;
import com.baeldung.permitallanonymous.filter.AuditInterceptor;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@ -10,6 +11,7 @@ import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.AnonymousAuthenticationFilter;
@Configuration
@EnableWebSecurity
@ -23,9 +25,11 @@ public class EcommerceWebSecurityConfig {
return new InMemoryUserDetailsManager(user);
}
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http.authorizeRequests()
http.addFilterAfter(new AuditInterceptor(), AnonymousAuthenticationFilter.class)
.authorizeRequests()
.antMatchers("/private/**").authenticated().and().httpBasic()
.and().authorizeRequests()
.antMatchers("/public/showProducts").permitAll()
@ -38,4 +42,5 @@ public class EcommerceWebSecurityConfig {
public BCryptPasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
}
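Review bot: The `addFilterAfter(new AuditInterceptor(), AnonymousAuthenticationFilter.class)` line in `filterChain` depends on filter order in a way the code does not explain. A comment above it would help, for example `// Runs after AnonymousAuthenticationFilter so the SecurityContext already holds either the Basic-auth token or the anonymous token`. Placed here, the filter presumably runs before the authorization decision, so an entry is written even for requests that end in 401 or 403. If the audit trail is meant to record only granted access, the comment should say so, or the response status should be logged after `filterChain.doFilter`. The rest of the `filterChain` builder chain lies outside the visible hunks.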