...
To define routes that do not require authentication, modify the oeablSecurity.csv configuration file and set the desired URIs to permitAll():
Example for LoginWebHandler /web/Login/ routes:
| Code Block | ||||
|---|---|---|---|---|
| ||||
# "url-pattern","<method>","<spring-access-expression>"
??
# Permit unauthenticated access to /web/Login/**
"/web/Login/**","*","permitAll()"
??
# Authentication for /web/**
"/web/**","*","hasAnyRole('ROLE_PSCUser')"
??
# Best practice - deny anything not explicitly granted
"/**","*","denyAll()" |
...