Spring Security blocks POST requests despite SecurityConfig

后端 未结 3 1071
囚心锁ツ
囚心锁ツ 2021-02-12 15:27

I\'m developing a REST API based on Spring Boot (spring-boot-starter-web) where I use Spring Security (spring-security-core e spring-security-con

3条回答
  •  醉酒成梦
    2021-02-12 16:20

    Its simple CSRF enabled issue that doesn't allow POST requests. I faced the same problem here's the solution:(Explained)

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .antMatchers(HttpMethod.POST,"/form").hasRole("ADMIN")  // Specific api method request based on role.
                .antMatchers("/home","/basic").permitAll()  // permited urls to guest users(without login).
                .anyRequest().authenticated()
                .and()
            .formLogin()       // not specified form page to use default login page of spring security
                .permitAll()
                 .and()
            .logout().deleteCookies("JSESSIONID")  // delete memory of browser after logout
    
            .and()
            .rememberMe().key("uniqueAndSecret"); // remember me check box enabled.
    
        http.csrf().disable();  **// ADD THIS CODE TO DISABLE CSRF IN PROJECT.**
    }
    

    Above code:

    http.csrf().disable();

    will solve the problem.

提交回复
热议问题