Spring security authorize request for url & method using HttpSecurity

I know this question is a bit old but I don't believe disabling csrf support is an acceptable answer. I had this same problem but don't feel good able using csrf.disable(). Instead I added the following line at the bottom of the page inside the form tags.

<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}" />

Take a look here https://github.com/spring-projects/spring-data-examples/tree/master/rest/security which has

http
  .httpBasic().and()
  .authorizeRequests()
    .antMatchers(HttpMethod.POST, "/employees").hasRole("ADMIN")
    .antMatchers(HttpMethod.PUT, "/employees/**").hasRole("ADMIN")
    .antMatchers(HttpMethod.PATCH, "/employees/**").hasRole("ADMIN");

Spring security authorize request for url & method using HttpSecurity

Tags:

Spring

Spring Security

Spring Java Config

Jhipster

Related

Recent Posts