No authentication when HTTP request method is "GET"

tinawenqiao · tinawenqiao · commit f6b5f3f8bb27 · 2018-06-14T16:40:31.000+08:00
diff --git a/src/main/java/org/gnuhpc/bigdata/config/WebSecurityConfig.java b/src/main/java/org/gnuhpc/bigdata/config/WebSecurityConfig.java
@@ -7,6 +7,7 @@
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpMethod;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
@@ -48,6 +49,7 @@ protected void configure(HttpSecurity http) throws Exception {
     http.csrf().disable();
     if (securityCheck) {
       http.authorizeRequests().antMatchers("/api", "/swagger-ui.html", "/webjars/**", "/swagger-resources/**", "/v2/**").permitAll()
+              .antMatchers(HttpMethod.GET, "/**").permitAll()
               .anyRequest().authenticated();
       http.httpBasic().authenticationEntryPoint(basicAuthenticationPoint);
       http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
