Spring Security get user info in rest service, for authenticated and not authenticated users
permitAll()
still requires Authentication
object to present in SecurityContext
.
For not oauth users this can be achieved with anonymous access enabled:
@Override
public void configure(HttpSecurity http) throws Exception {
http
//some configuration
.and()
.anonymous() //allow anonymous access
.and()
.authorizeRequests()
.antMatchers("/views/**").permitAll()
//other security settings
Anonymous access will add additional filter: AnonymousAuthenticationFilter
to the filter chain that populate AnonymousAuthenticationToken
as Authentication information in case no Authentication
object in SecurityContext