-
Notifications
You must be signed in to change notification settings - Fork 67
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
401 Unauthorized on POST endpoint in Spring Boot (MVC) application #26
Comments
"hi, I have exactly the same problem, did you manage to solve yours?" |
If you turn up the logging for Spring Security in logging:
level:
org.springframework.security.web: DEBUG You'll see the error when you try to do a POST:
If you disable CSRF in http.csrf().disable(); Here's proof: |
CSRF (Cross-Site Request Forgery) is a type of attack on web applications. It happens when an attacker tricks a user into doing something they didn't intend to do on a different website where they are already logged in. Spring Boot Security uses CSRF protection to stop these tricks and keep your application safe. In the above example, an authorized user has access only to the GetMapping method. That's why, as soon as they try to request the application with the PostMapping method, due to this CSRF, they get an unauthorised message. If we disable it, the post-mapping methods will work fine. |
So how do you still get CSRF protection while still being able to interact with the REST server? Is it just simple as disabling csrf for development and enabling it for production? |
In my case have already disabled it, but still getting 401 using POST from postman. |
@Siddhnak In postman, you can Authorization Tab beside the Headers and add your username and password. |
@Siddhnak I am facing the same error as you did. Could you please share your knowledge if you have solved this in any manner. Thank you. |
Here's what I did to retain the basic Auth in GET request and apply CSRF in POST request:
No Auth requests in Postman produces 401 Unauthorized error and with Basic Auth the request passes through. |
Hi, I am using Spring Boot 3 and Spring Security 6 and following the sample https://github.com/auth0-samples/auth0-spring-security5-api-sample/tree/use-spring-6/01-Authorization-MVC. Tutorial works well until I try with GET endpoints. But the moment I built a POST endpoint and call it, I get 401 Unauthorized error in postman even though this is configured to be permitted in SecurityConfig.java. Here is the link to my code changes https://github.com/ashishrky/auth0-spring-security5-api-sample/commit/8bf9866a7a18fb9d2e0c78f1950725f2f42eaee2. What’s wrong? Why GET call work just fine, but POST call get 401?
Posted in Auth0 community as well at https://community.auth0.com/t/401-unauthorized-on-post-endpoint-in-spring-boot-mvc-application/103716
The text was updated successfully, but these errors were encountered: