I'm not quite sure if this is possible - all examples I find online are deprecated, as e.g. the property security.http.port does not seem to exist today in Spring Boot 2.
What I need is a way to run Tomcat on two ports e.g. 8443 for HTTPS and 8080 for HTTP.
Also I'd want everything under /api to require HTTPS except /api/webhooks (or at least /webhooks as I can still change the endpoint if I wanted).
I was imagining something like this:
    @Override
    public void configure(HttpSecurity http) throws Exception {
        http
            // Channel rules are checked in order, so the webhook exception comes first.
            .requiresChannel()
                .antMatchers("/api/*/webhooks/**")
                .requiresInsecure()
                .and()
            .requiresChannel()
                .antMatchers("/**")
                .requiresSecure()
                .and()
            .exceptionHandling()
                .and()
            .authorizeRequests()
                // Ant patterns are matched against paths that start with "/".
                .antMatchers("/api/*/public/**", "/oauth/**")
                .permitAll()
                .antMatchers(HttpMethod.GET, "/*", "/assets/*")
                .permitAll()
                .antMatchers("/api/**")
                .authenticated();
    }
Can this be done? This question has a background - I am trying to accept webhook calls which are coming in as HTTP POST requests.
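One way the two-port setup asked about above can be wired in Spring Boot 2 with Spring Security 5, as an added example that is not part of the original post. Assumptions: the class name TwoPortSecurityConfig is hypothetical, application.properties sets server.port=8443 together with the server.ssl.* keystore properties so the primary connector is HTTPS, and the CSRF exemption for the webhook path is added here because a third-party sender cannot supply a CSRF token.

```java
import org.apache.catalina.connector.Connector;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.boot.web.server.WebServerFactoryCustomizer;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

// Assumption: server.port=8443 and server.ssl.* are set, so the main connector is HTTPS.
@Configuration
@EnableWebSecurity
public class TwoPortSecurityConfig extends WebSecurityConfigurerAdapter {
    private static final int HTTP_PORT = 8080;   // plain-HTTP connector added below
    private static final int HTTPS_PORT = 8443;  // must match server.port

    // Registers a second, plain-HTTP Tomcat connector next to the HTTPS one.
    @Bean
    public WebServerFactoryCustomizer<TomcatServletWebServerFactory> httpConnector() {
        return factory -> {
            Connector connector = new Connector(TomcatServletWebServerFactory.DEFAULT_PROTOCOL);
            connector.setScheme("http");
            connector.setPort(HTTP_PORT);
            connector.setSecure(false);
            factory.addAdditionalTomcatConnectors(connector);
        };
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // Used by the channel redirects: HTTP on 8080 maps to HTTPS on 8443.
            .portMapper().http(HTTP_PORT).mapsTo(HTTPS_PORT).and()
            // Assumption: webhook senders cannot send a CSRF token, so POSTs there skip the check.
            .csrf().ignoringAntMatchers("/api/*/webhooks/**").and()
            .requiresChannel()
                // Rules are evaluated in order and the first match wins.
                // requiresInsecure() also redirects HTTPS callers of this path to HTTP.
                .antMatchers("/api/*/webhooks/**").requiresInsecure()
                .anyRequest().requiresSecure()
                .and()
            .authorizeRequests()
                .antMatchers("/api/*/public/**", "/oauth/**").permitAll()
                .antMatchers(HttpMethod.GET, "/*", "/assets/*").permitAll()
                .antMatchers("/api/**").authenticated();
    }
}
```

With the authorization rules kept as in the post, the webhook path still falls under "/api/**" and requires authentication; only the channel requirement differs for it.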