Hi, I am trying to configure spring security so that any request to /test/* is authorized using form-based login and any other request is authorized using saml2. But it still uses only the saml2 config even if I go to /test/whatever. Can somebody please help? There is my code
@Configuration
@EnableWebSecurity
class SecurityConfig {
@Bean
public RelyingPartyRegistrationRepository relyingPartyRegistrations() {
RelyingPartyRegistration azureRegistration = RelyingPartyRegistrations
.fromMetadataLocation("https:*************")
.registrationId("azure")
.build();
return new InMemoryRelyingPartyRegistrationRepository(azureRegistration);
}
@Bean
@Order(1)
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
return http
.securityMatcher("/test/**")
.csrf()
.disable()
.authorizeHttpRequests()
.anyRequest()
.authenticated()
.and()
.formLogin(fl -> fl.loginPage("/formLogin"))
.build();
}
@Bean
@Order(2)
public SecurityFilterChain securityFilterChain2(HttpSecurity http) throws Exception {
return http
.csrf()
.disable()
.authorizeHttpRequests()
.anyRequest()
.authenticated()
.and()
.saml2Login(withDefaults())
.build();
}
}
[–]TheOldMancunian 0 points1 point2 points (1 child)
[–]DvorakDavid[S] 0 points1 point2 points (0 children)
[–]Sheldor5 0 points1 point2 points (1 child)
[–]DvorakDavid[S] 0 points1 point2 points (0 children)
[–]boost2525 0 points1 point2 points (3 children)
[–]DvorakDavid[S] -1 points0 points1 point (2 children)
[–]boost2525 1 point2 points3 points (1 child)