403 forbidden when I try to post to my spring api?

Question

Using postman, I can get a list of users with a get request to: http://localhost:8080/users.

But when I send a post request to the same address, I get a 40

Answer 1

When you use spring boot with spring security and if you are accessing your API's(POST, PUT, DELETE) from Postman or something, they wont be accessible and error is related to authorization like forbidden 403.

So in that case, you have to disabled to csrf functionality to run and test the API from Postman.

The answer provided by @benjamin c is right. You have to add the class with the this configuration will work.

Make sure you are removing this when you add your code in production. CSRF protection is must and you have to keep it in security functionality.

I am just extending his answer for more details by providing complete class details. My requirement was to just test the API from Postman, so I added this class, and able to test the API from Postman.

But after that I have added Spring Junit classes to test my functionalities and removed this class.

@Configuration
@EnableWebSecurity
public class AppWebSecurityConfigurer extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {    
        http
            .csrf().disable()
            .authorizeRequests()
                .anyRequest().permitAll();
        }
}

Hope this helps to someone.