Springboot security: Access only for logged-in or local-network users

I´m developing a springboot application and using spring security for the authentification (username&password form).

Now i´ll adding the rule, that users from my local network wont need to login- i´ve implemented the following, but am not sure if this is a good way how to resolve it programmatically:

    @Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    httpSecurity
            .authorizeRequests()
            .antMatchers("/resources/**", "/css/**", "/js/**").permitAll()
            .anyRequest().access("isAuthenticated() or hasIpAddress('0:0:0:0:0:0:0:1') or hasIpAddress('192.168.2.0/16')")
            .and()
            .formLogin()
                .loginPage("/login")
                .successHandler(this::loginSuccessHandler)
                .failureHandler(this::loginFailureHandler)
                .permitAll()
            .and()
            .logout()
            .permitAll();

    // security config for using h2-console
    httpSecurity.csrf().disable();
    httpSecurity.headers().frameOptions().disable();
}

All Questions Answered

Search This Blog

Donate. I desperately need donations to survive due to my health

Get paid by answering surveys Click here

Click here to donate

Remote/Work from Home jobs

Springboot security: Access only for logged-in or local-network users

Comments

Post a Comment