Spring Security returns login page despite permitAll
I know there is a lot of questions like this, but I could not find an answer which solves my case.
Here is my config:
@Configuration
@EnableWebSecurity
@RequiredArgsConstructor
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers(HttpMethod.POST, "/").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.permitAll()
.and()
.logout().permitAll();
}
}
And here is my endpoint I want users to have access without logging in:
@Slf4j
@RestController
public class MyController {
@PostMapping(value = "/", consumes = MediaType.TEXT_PLAIN_VALUE)
public void acceptAnonymously(HttpEntity<String> requestEntity) {
log.debug("body: {}", requestEntity.getBody());
}
}
So basically, I want to allow making unauthenticated POST requests to localhost:8080. Everything else should be authenticated. But when I hit localhost:8080 with postman, this is what I get:
So, CSRF stands for Cross-Site Request Forgery and I believe is enabled by default with Spring Web/Security. When it is enabled, you need to properly pass the correct csrf token to your app in order to access your application otherwise you will get thrown a 403 forbidden type error. Alternatively, there are other means of authenticating users if you so desired.
.csrf().disable()
- What is the reason to disable csrf in spring boot web application?
- Input from user in Luaj
- How can I list all the files in folder on tomcat?
- Java Convert negative numbers to 0
- Can Lombok toString() output include newlines?
- Access jdk.unsupported from JUnit doesn't need module require
- Unable to resolve name [org.hibernate.spatial.dialect.postgis.PostgisDialect] as strategy [org.hibernate.dialect.Dialect]
- java.lang.module.FindException: Module not found
- How to process tabular data from Oracle PL/SQL function in JAVA?
- Pass device udid from test parameters to DesiredCapabilities in seperate classes
- What does a "Cannot find symbol" or "Cannot resolve symbol" error mean?
- Spring Boot 2.5.0 generates plain.jar file. Can I remove it?
- Fastest method to define whether a number is a triangular number
- Can I have two the same methods annotated with @RequestMapping with different headers?
- Maximized JFrame's location is [-8,-8]. Can it be fixed?
- HTML/JS app within an Android App
- To compare UUID, can I use == or have to use UUID.equals(UUID)?
- Lombok @Slf4j and interfaces?
- Unable to run jar from cli, poi-ooxml ...xssf.usermodel.XSSFCellSytle ignored
- Using Hibernate UUIDGenerator via annotations
- Calling unmanaged C\C++ DLL methods from Java?
- How to deploy a war file in Tomcat 7
- Log JPA transaction duration
- How to connect to Oracle 8i using Java
- JavaFX TaskWorker will not start
- To Find Leaders in an array
- Jackson Error Unexpected character ('}' (code 125))
- How to configure port for a Spring Boot application
- Java Poi XSSF - create pivot table with multiple expandable columns
- Get a NoSuchBeanDefinitionException in my DAO Spring + Hibernate + MySQL code