Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- This application has no explicit mapping for /error, so you are seeing this as a fallback.
- Fri Feb 22 18:40:55 EST 2019
- There was an unexpected error (type=Forbidden, status=403).
- Forbidden
- @Override
- protected void configure(HttpSecurity http) throws Exception {
- // Disabling CSRF because it causes issues with API requests (POSTs don't
- // contain the CSRF tokens).
- http.csrf().disable();
- http.headers().frameOptions().disable();
- http.authorizeRequests()
- // This line turns off authentication for all management endpoints, which means all
- // endpoints that start with "/actuator" (the default starter path for management endpoints
- // in spring boot applications). To selectively choose which endpoints to exclude from authentication,
- // use the EndpointRequest.to(String ... method, as in the following example:
- // .requestMatchers(EndpointRequest.to("beans", "info", "health", "jolokia")).permitAll()
- .requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll()
- // Do not authenticate resource requests
- .antMatchers(
- "/app/css/**",
- "/app/img/**",
- "/app/js/**",
- "/app/bootstrap/**").permitAll()
- .antMatchers(
- "/admin/**",
- "/app/builds/**",
- "/app/monitor/**",
- "/app/review/**")
- .hasRole(requiredRole)
- // All other requests are authenticated
- .anyRequest().authenticated()
- // Any unauthenticated request is forwarded to the login page
- .and()
- .formLogin()
- .loginPage(LOGIN_FORM)
- .permitAll()
- .successHandler(successHandler())
- .and()
- .exceptionHandling()
- .authenticationEntryPoint(delegatingAuthenticationEntryPoint())
- .and()
- .logout()
- .logoutRequestMatcher(new AntPathRequestMatcher(LOGOUT_FORM))
- .logoutSuccessUrl(LOGIN_FORM);
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement