Add /error to unprotected resource patterns

Author: Dave Syer

click/README.adoc

@@ -103,7 +103,7 @@ public class SocialApplication extends WebSecurityConfigurerAdapter {
  http
  .antMatcher("/**")
  .authorizeRequests()
- .antMatchers("/", "/login**", "/webjars/**")
+ .antMatchers("/", "/login**", "/webjars/**", "/error**")
  .permitAll()
  .anyRequest()
  .authenticated();
@@ -121,6 +121,10 @@ the static resources it contains (we also include access to the login
 endpoints which handle the authentication). All other requests
 (e.g. to the `/user` endpoint) require authentication.
 
+NOTE: `/error**` is an unprotected path because we want Spring Boot
+to bew able to render errors if there is a problem in the app, even
+if the user is unauthenticated.
+
 With that change in place the application is complete, and if you run
 it and visit the home page you should see a nicely styled HTML link to
 "login with Facebook". The link takes you not directly to Facebook,

click/src/main/java/com/example/SocialApplication.java

@@ -37,7 +37,7 @@ public Principal user(Principal principal) {
 
 @Override
 protected void configure(HttpSecurity http) throws Exception {
-http.antMatcher("/**").authorizeRequests().antMatchers("/", "/login**", "/webjars/**").permitAll().anyRequest()
+http.antMatcher("/**").authorizeRequests().antMatchers("/", "/login**", "/webjars/**", "/error**").permitAll().anyRequest()
 .authenticated();
 }
 

custom-error/src/main/java/com/example/SocialApplication.java

@@ -79,7 +79,7 @@ public String unauthenticated() {
 @Override
 protected void configure(HttpSecurity http) throws Exception {
 // @formatter:off
-http.antMatcher("/**").authorizeRequests().antMatchers("/", "/login**", "/webjars/**").permitAll().anyRequest()
+http.antMatcher("/**").authorizeRequests().antMatchers("/", "/login**", "/webjars/**", "/error**").permitAll().anyRequest()
 .authenticated().and().logout().logoutSuccessUrl("/").permitAll().and().csrf()
 .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
 // @formatter:on

github/src/main/java/com/example/SocialApplication.java

@@ -72,7 +72,7 @@ public Map<String, String> user(Principal principal) {
 @Override
 protected void configure(HttpSecurity http) throws Exception {
 // @formatter:off
-http.antMatcher("/**").authorizeRequests().antMatchers("/", "/login**", "/webjars/**").permitAll().anyRequest()
+http.antMatcher("/**").authorizeRequests().antMatchers("/", "/login**", "/webjars/**", "/error**").permitAll().anyRequest()
 .authenticated().and().exceptionHandling()
 .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/")).and().logout()
 .logoutSuccessUrl("/").permitAll().and().csrf()

logout/src/main/java/com/example/SocialApplication.java

@@ -39,7 +39,7 @@ public Principal user(Principal principal) {
 @Override
 protected void configure(HttpSecurity http) throws Exception {
 // @formatter:off
-http.antMatcher("/**").authorizeRequests().antMatchers("/", "/login**", "/webjars/**").permitAll().anyRequest()
+http.antMatcher("/**").authorizeRequests().antMatchers("/", "/login**", "/webjars/**", "/error**").permitAll().anyRequest()
 .authenticated().and().logout().logoutSuccessUrl("/").permitAll().and().csrf()
 .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
 // @formatter:on

manual/src/main/java/com/example/SocialApplication.java

@@ -57,7 +57,7 @@ public Principal user(Principal principal) {
 @Override
 protected void configure(HttpSecurity http) throws Exception {
 // @formatter:off
-http.antMatcher("/**").authorizeRequests().antMatchers("/", "/login**", "/webjars/**").permitAll().anyRequest()
+http.antMatcher("/**").authorizeRequests().antMatchers("/", "/login**", "/webjars/**", "/error**").permitAll().anyRequest()
 .authenticated().and().exceptionHandling()
 .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/")).and().logout()
 .logoutSuccessUrl("/").permitAll().and().csrf()