Configure RestEndpoints on different authentication provider

Hi, I was having an issue trying to configure Spring Security on my Vaadin application.
Basically I have a Vaadin application that uses LDAP to authenticate users to use the web application. So far okay.
Now, I need to add a RestController that is open to anybody from the backend. I tried many tutorials and forums but I always get a 401 error.
My question is: Should I break the application in two parts? One that provides the REST API or is there a way to configure this?

Hi Harry,

I’ve done this before by just defining 2 separate security configurations.
One that extends VaadinWebSecurity for the Vaadin part
And one APISecurityConfig class where I define a securityFilterChain bean for everything under /api/**

That way there is a clear separation between the two.

Thanks @devoted-numbat, I was able to configure the endpoint correctly but it doesn’t look good from the testing point. I am having difficulty with @SpringBootTest. For now, I think the best solution here is to have a backend layer and the frontend layer.

To make it work I created a new bean:

    @Bean
    @Order(1)
    public SecurityFilterChain apiFilterChain(HttpSecurity http) throws Exception {
        http
            .securityMatcher("/api/v1/**")
            .authorizeHttpRequests(authorize -> authorize
                    .anyRequest().permitAll()
            );
        return http.build();
    }

Never mind, I made the tests work again.
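
The two-configuration layout discussed in this thread, put side by side as an added example (not code from either poster). The class names and `LoginView` (standing in for the application's existing login view) are assumptions; the API chain repeats the bean posted above, and the LDAP setup is left as it already is in the application.

```java
import com.vaadin.flow.spring.security.VaadinWebSecurity;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;

// Chain 1: only requests under /api/v1/** are handled here.
@Configuration
class ApiSecurityConfig {

    @Bean
    @Order(1) // consulted before the Vaadin chain, which has no explicit order
    SecurityFilterChain apiFilterChain(HttpSecurity http) throws Exception {
        http
            // securityMatcher limits this chain (and its permitAll) to the API
            // prefix. Without it the chain would match every request and the
            // Vaadin views would be open as well.
            .securityMatcher("/api/v1/**")
            .authorizeHttpRequests(authorize -> authorize
                    .anyRequest().permitAll()
            );
        // CSRF protection stays at its default (enabled) in this chain, so
        // unauthenticated GETs pass while state-changing requests still need
        // a CSRF token.
        return http.build();
    }
}

// Chain 2: everything that did not match chain 1 falls through to Vaadin's
// own filter chain and still requires a login.
@EnableWebSecurity
@Configuration
class VaadinSecurityConfig extends VaadinWebSecurity {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        super.configure(http);               // Vaadin defaults: internal requests, CSRF handling
        setLoginView(http, LoginView.class); // LoginView: hypothetical, the app's existing login view
    }
}
```

Spring Security uses the first chain whose matcher accepts the request, so a narrow `securityMatcher` on the open chain is what keeps `permitAll()` from reaching the LDAP-protected views.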