
How to exclude one url from authorization


Omit the <auth-constraint> element in <security-constraint> for resources for which you don't need authentication like:

<!-- Unconstrained resource: no <auth-constraint> at all means no login is
     required. Note that an EMPTY <auth-constraint/> means the opposite
     (access denied to everyone). -->
<security-constraint>
    <web-resource-collection>
        <web-resource-name>app</web-resource-name>
        <url-pattern>/info</url-pattern>
    </web-resource-collection>
    <!-- OMIT auth-constraint -->
</security-constraint>

<!-- Everything else requires a user in role "Role" -->
<security-constraint>
    <web-resource-collection>
        <web-resource-name>app</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>Role</role-name>
    </auth-constraint>
</security-constraint>


If you are looking for a Keycloak with Spring Boot solution, then try something like this in your application properties file:

keycloak.security-constraints[0].authRoles[0]=users
keycloak.security-constraints[0].security-collections[0].patterns[0]=/*
keycloak.security-constraints[1].security-collections[0].patterns[0]=/info

This will apply security on all URLs except /info.


I don't know whether I get you right! With my limited knowledge, I think that in order to implement security, the content to be secured is declared using one or more web-resource-collection elements. Each web-resource-collection element contains an optional series of url-pattern elements followed by an optional series of http-method elements. The url-pattern element value specifies a URL pattern against which a request URL must match for the request to correspond to an attempt to access secured content. The http-method element value specifies a type of HTTP request to allow.

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Secure Content</web-resource-name>
        <url-pattern>/restricted/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>AuthorizedUser</role-name>
    </auth-constraint>
    <user-data-constraint>
        <!-- NONE: no HTTPS required; use CONFIDENTIAL to force TLS -->
        <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
</security-constraint>
<!-- ... -->
<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>The Restricted Zone</realm-name>
</login-config>
<!-- ... -->
<security-role>
    <description>The role required to access restricted content</description>
    <role-name>AuthorizedUser</role-name>
</security-role>

URLs under the web application's /restricted path require the AuthorizedUser role.
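Both the two-constraint layout in the first answer and the /restricted/* constraint in the last answer rely on how the container combines overlapping security constraints, and that is where exclusions silently go wrong. The script below is an added example (not code from the question or any answer) that audits a web.xml offline: it picks the best-matching url-pattern in the Servlet-spec order (exact, then longest path prefix, then extension, then the default "/"), and then applies the combination rules: a constraint with no <auth-constraint> opens the resource to everyone, an empty <auth-constraint/> denies everyone, and otherwise the allowed roles are the union. It also flags the classic "uncovered HTTP method" hole: a pattern whose collection lists only GET leaves POST unconstrained unless <deny-uncovered-http-methods/> is declared. The web.xml it parses is constructed here for the demo (it adds an /admin/* deny-all constraint and a GET-only method list that the answers do not have); the function and variable names are this example's own.

```python
"""Audit which URLs a web.xml really protects (added example, not from the page)."""
import xml.etree.ElementTree as ET

# Constructed sample: the /info + /* layout from the first answer, the
# /restricted/* constraint from the last answer (restricted to GET here),
# and an /admin/* constraint with an EMPTY auth-constraint (deny all).
SAMPLE_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee">
  <security-constraint>
    <web-resource-collection><web-resource-name>app</web-resource-name>
      <url-pattern>/info</url-pattern></web-resource-collection>
  </security-constraint>
  <security-constraint>
    <web-resource-collection><web-resource-name>app</web-resource-name>
      <url-pattern>/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>Role</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection><web-resource-name>Secure Content</web-resource-name>
      <url-pattern>/restricted/*</url-pattern><http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>AuthorizedUser</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection><web-resource-name>admin</web-resource-name>
      <url-pattern>/admin/*</url-pattern></web-resource-collection>
    <auth-constraint/>
  </security-constraint>
</web-app>"""


def parse_constraints(web_xml):
    """Flatten every <web-resource-collection> into one entry.
    roles is None when <auth-constraint> is absent (open to all) and an
    empty list when it is present but empty (denied to all)."""
    root = ET.fromstring(web_xml)
    for el in root.iter():                       # drop the javaee namespace
        el.tag = el.tag.split("}")[-1]
    entries = []
    for sc in root.findall("security-constraint"):
        auth = sc.find("auth-constraint")
        roles = None if auth is None else [r.text.strip() for r in auth.findall("role-name")]
        for coll in sc.findall("web-resource-collection"):
            entries.append({
                "patterns": [p.text.strip() for p in coll.findall("url-pattern")],
                "methods": {m.text.strip().upper() for m in coll.findall("http-method")},
                "roles": roles,
            })
    return entries, root.find("deny-uncovered-http-methods") is not None


def best_patterns(entries, uri):
    """Servlet-spec matching order: exact, longest path prefix, extension, default."""
    patterns = {p for e in entries for p in e["patterns"]}
    if uri in patterns:
        return {uri}
    prefixes = [p for p in patterns if p.endswith("/*")
                and (p == "/*" or uri == p[:-2] or uri.startswith(p[:-1]))]
    if prefixes:
        longest = max(len(p) for p in prefixes)
        return {p for p in prefixes if len(p) == longest}
    name = uri.rsplit("/", 1)[-1].rsplit(".", 1)
    if len(name) == 2 and "*." + name[1] in patterns:
        return {"*." + name[1]}
    return {"/"} if "/" in patterns else set()


def access(entries, uri, method="GET", deny_uncovered=False):
    """Return ("open", set()), ("deny", set()) or ("roles", {allowed roles})."""
    matched = [e for e in entries if best_patterns(entries, uri) & set(e["patterns"])]
    if not matched:
        return ("open", set())                   # no constraint covers this URL
    covering = [e for e in matched if not e["methods"] or method in e["methods"]]
    if not covering:
        # Pattern matched but this HTTP method is "uncovered": the container
        # lets it through unless <deny-uncovered-http-methods/> is declared.
        return ("deny", set()) if deny_uncovered else ("open", set())
    if any(e["roles"] is None for e in covering):
        return ("open", set())                   # a missing <auth-constraint> wins
    roles = {r for e in covering for r in e["roles"]}
    return ("roles", roles) if roles else ("deny", set())


def report(web_xml, requests):
    """Map each (method, uri) to its access decision."""
    entries, deny_uncovered = parse_constraints(web_xml)
    return {(m, u): access(entries, u, m, deny_uncovered) for m, u in requests}


if __name__ == "__main__":
    probes = [("GET", "/info"), ("GET", "/info/x"), ("GET", "/restricted/secret"),
              ("POST", "/restricted/secret"), ("GET", "/admin/users"), ("GET", "/anything")]
    for (m, u), (kind, roles) in report(SAMPLE_WEB_XML, probes).items():
        print(f"{m:5} {u:20} {kind:6} {sorted(roles)}")
```

Run it against your own web.xml by passing the file contents to report(). The POST /restricted/secret line is the one to look at: the exclusion of /info works as intended, but a GET-only method list turns every other verb on /restricted/* into an unauthenticated path until you add <deny-uncovered-http-methods/> (Servlet 3.1+) or drop the <http-method> list.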