Spring-Boot REST service basic http auth exclude one endpoint
Well after more experimenting I found that the following works - @efekctive please note that there is no context prefix on the healthcheck:
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable().authorizeRequests()
.antMatchers("/healthcheck").permitAll()
.antMatchers("/**").authenticated().and().httpBasic();
}
One big caveat: when I posted this I was testing the healthcheck endpoint by invoking curl with BOGUS http credentials, expecting Spring to ignore them, but Spring always answered 401-unauthorized. The proper test is to invoke curl with NO http credentials at all, then the healthcheck endpoint answers quite happily.