Spring Security get user info in rest service, for authenticated and not authenticated users
permitAll() still requires Authentication object to present in SecurityContext.
For not oauth users this can be achieved with anonymous access enabled:
@Overridepublic void configure(HttpSecurity http) throws Exception { http//some configuration .and() .anonymous() //allow anonymous access .and() .authorizeRequests() .antMatchers("/views/**").permitAll()//other security settingsAnonymous access will add additional filter: AnonymousAuthenticationFilter to the filter chain that populate AnonymousAuthenticationToken as Authentication information in case no Authentication object in SecurityContext
I've this security config for check AuthUser by /public/auth:
@Overrideprotected void configure(HttpSecurity http) throws Exception { http.cors().and().authorizeRequests() .antMatchers("/api/skills/**", "/api/profile/**", "/api/info/**").authenticated() .antMatchers("/api/**").hasAuthority(Role.ROLE_ADMIN.getAuthority()) .antMatchers("/public/auth").permitAll() .and().httpBasic() .and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS) .and().csrf().disable();}@GetMapping(value = "/public/auth")private ResponseEntity<User> getAuthUser(@AuthenticationPrincipal AuthUser authUser) { return authUser == null ? ResponseEntity.notFound().build() : ResponseEntity.ok(authUser.getUser());}