I have an application with Java and Spring Security in which the user must log in to be able to make any request. Now I want that for a particular request, I can access through a certificate (.pfx). My question is, how should I configure in Spring Security to allow access by certificate (.pfx) to a specific request (defined in the controller)?
This is my Spring Scurity configuration
public class AppWebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.requiresChannel()
.anyRequest().requiresSecure()
.and()
.authorizeRequests()
.antMatchers("/password/**", "/login**").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.successHandler(successHandler()).failureHandler(new MyCustomLoginFailureHandler())
.permitAll()
.and()
.logout()
.logoutUrl("/logout")
.addLogoutHandler(logoutHandler())
.logoutSuccessUrl("/login?logout")
.deleteCookies("RememberMe")
.deleteCookies("JSESSIONID")
.permitAll()
.and();
http.csrf().disable();
}
This is my method in the controller that I want to access through the certificate:
@Controller
@RequestMapping(value = { "/" })
public class exampleController {
@RequestMapping(value = { "/activeSubscription/{id}" }, method = RequestMethod.GET)
public String activeSubscription(final Model model, @PathVariable("id") Long id) {
return "prueba";
}
}
Can someone help me? Thanks