I am trying to filter some url pattern to caching. What I have attempted is put some codes into WebSecurityConfigurerAdapter implementation.

 @Override
protected void configure(HttpSecurity http) throws Exception {
    initSecurityConfigService();

    // For cache
    http.headers().defaultsDisabled()
            .cacheControl()
            .and().frameOptions();

    securityConfigService.configure(http,this);
}

However this code will effect all of the web application. How can I apply this to certain URL or Content-Type like images.

I have already tried with RegexRequestMatcher, but it does not work for me.

// For cache
        http.requestMatcher(new RegexRequestMatcher("/page/", "GET"))
                .headers().defaultsDisabled()
                .cacheControl()
                .and().frameOptions();

I read this article : SpringSecurityResponseHeaders, but there is no sample for this case.

Thanks.

P.S. In short, I want to remove SpringSecurity defaults for certain url and resources.

What about having multiple WebSecurityConfigurerAdapters? One adapter could have cache controls for certain URLs and another one will not have cache control enabled for those URLs.

I solved this with Filter. Below is part of my implementation of AbstractAnnotationConfigDispatcherServletInitializer. In onStartup method override.

FilterRegistration.Dynamic springSecurityFilterChain = servletContext.addFilter("springSecurityFilterChain", new DelegatingFilterProxy());
if(springSecurityFilterChain != null){
    springSecurityFilterChain.addMappingForUrlPatterns(EnumSet.of(DispatcherType.REQUEST), true, "/render/*", "/service/*");
    // I removed pattern url "/image/*" :)
}

What I have done is remove /image/* from MappingUrlPatterns. Thanks for your answers!