I am working on the jsp-springboot application ,I have implemented the sso using azure and it is working as expected. I have configured
azure.activedirectory.tenant-id
azure.activedirectory.client-id
azure.activedirectory.client-secret
Also I have added the redirect url as well In the application.properties , I have not added any configuration classes other that these changes, I am able to login successfully also the ajax GET calls are returing 200 response code, but for POST calls are giving 403 forbidden error
get call sample
$.ajax({
type: 'GET',
url: "/getvalue/"+productId,
contentType: "text/plain",
dataType: 'json',
success: function (data) {
console.log("Success");
},
error: function (e) {
console.log("There was an error with your request...");
}
});
And the post call
$.ajax({
type: 'POST',
url: "/saveValue",
data:JSON.stringify(valueObj),
contentType: "application/json",
success: function (data) {
console.log("success: ");
},
error: function (e) {
console.log("There was an error with your request...");
}
});
I am not sure why the post calls are not working
200 on a GET and 403 on a POST tells me that you still have CSRF enabled.
CSRF protection is enabled by default in the Java configuration. We can still disable it if we need to:
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable();
}
ref: https://www.baeldung.com/spring-security-csrf#1-java-configuration
I wouldn't recommend disabling it though. You could look at https://docs.spring.io/spring-security/reference/5.6.0-RC1/reactive/exploits/csrf.html#webflux-csrf-configure-custom-repository