spring-security ff4j

How to create feature toggling when spring security is enabled on ff4j?


I did the following steps and I don't understand why I did not succeed on the last one:

  1. clone this repository
  2. start spring boot app
  3. browse to http://localhost:5002/ff4j-web-console/features
  4. login with user/user (also tried admin/admin and superuser/superuser)
  5. try to create new feature but got a 403 error message

I want to have the console (+api) protected by basic authentication, but I want to be able to do anything when I'm logged in. How can I achieve this? Am I missing something on how security works between spring and ff4j?


Solution

  • Using Spring Security with Java configuration, CSRF protection is enabled by default. In this context, if you make an Ajax request to a REST endpoint using the POST method, you will get a "CSRF token missing" error.

    To fix it, in class SecurityConfig change the configure method to the following. The code has been updated on GitHub as well.

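    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable()              // turns CSRF protection off for the whole application
            .authorizeRequests()
            .anyRequest().authenticated()  // every request requires a logged-in user
            .and().formLogin();
    }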
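
A narrower variant of the fix above, as an added example that is not part of the original answer or of the ff4j repository: it keeps Spring Security's CSRF check enabled for the rest of the application and exempts only the ff4j paths, using HTTP Basic as the question asks. The class name and the `/api/ff4j/**` path are assumptions (the console path comes from the URL in the question), and user definitions are expected to stay where the project already configures them.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

// Hypothetical class name; in the project this would replace the configure
// method of the existing SecurityConfig rather than sit beside it.
@Configuration
@EnableWebSecurity
public class ScopedCsrfSecurityConfig extends WebSecurityConfigurerAdapter {

    // Console path taken from the URL in the question.
    private static final String FF4J_CONSOLE = "/ff4j-web-console/**";

    // Assumed mapping of the ff4j REST API; adjust to the application's own.
    private static final String FF4J_API = "/api/ff4j/**";

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // CSRF tokens are still required on every other state-changing
            // request; only the ff4j console and API are exempted, because
            // their POSTs do not carry a token.
            .csrf()
                .ignoringAntMatchers(FF4J_CONSOLE, FF4J_API)
            .and()
            // Any request, including the exempted ff4j paths, still needs
            // an authenticated user.
            .authorizeRequests()
                .anyRequest().authenticated()
            .and()
            // HTTP Basic instead of the form login used in the answer.
            .httpBasic();
    }
}
```

`ignoringAntMatchers` is available in the Spring Security releases that still provide `WebSecurityConfigurerAdapter`; with this configuration a POST to any path outside the two patterns is rejected with 403 unless it carries a valid CSRF token.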