I have a springboot java project in which i have exposed rest api ednpoints as well as soap api endpoints. Also spring-security is there in my project. But I want security only on rest endpoints and don't want soap endpoints to be authenticated. I tried adding the endpoint to the WebSecurityConfig in permitAll(). But still soap endpoints are requiring authentication.
How can i bypass this authentication just for soap endpoints ?
@Bean
@ConditionalOnProperty(name="social.login",havingValue = "false")
public SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Exception {
httpSecurity
.csrf(csrf -> csrf.disable())
.authorizeHttpRequests((auth -> auth
.requestMatchers("/ws/register/**").permitAll()
.anyRequest().authenticated()))
.sessionManagement(sess -> sess.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
.httpBasic(Customizer.withDefaults())
.authenticationProvider(daoAuthenticationProvider())
.addFilterBefore(authenticationJwtTokenFilter(), UsernamePasswordAuthenticationFilter.class);
return httpSecurity.build();
}
My soap endpoint is localhost:8099/ws/register.
I don't want authentication to be applied on this.