0

I have configured a Spring Security on my app as shown below but whenever we call the URL for RequestMapping POST method, it always redirects us back to Login page (Note we are logged in as ADMIN). Am I missing something?

 @Override
 protected void configure(HttpSecurity http) throws Exception{
     http.authorizeRequests()
         .antMatchers("/validate").hasAnyRole(USER.name(), ADMIN.name()) 
         .antMatchers("/Registration","/Confirmation").hasAnyRole(USER.name(),ADMIN.name()) 
         .antMatchers("/").permitAll()
         .anyRequest().hasRole(ADMIN.name())
         .and()
         .formLogin()
            .loginPage("/login")
            .defaultSuccessUrl("/validate")
            .permitAll()
         .and()
         .sessionManagement()
         .invalidSessionUrl("/login");
Fancy
  • 135
  • 12
  • Does this answer your question? [Spring Security keeps redirecting me to login page](https://stackoverflow.com/questions/41827388/spring-security-keeps-redirecting-me-to-login-page) – Nandu Raj Jun 17 '21 at 06:31
  • Hi Nandu Raj, Thank you for answering but this does not solve it. – Fancy Jun 17 '21 at 07:05

1 Answers1

0

I found the answer and would like to share just in case someone else came across this problem someday. this issue is because csrf is enabled by default in spring security so everytime you need to call post method in your form html make sure you have this line of code in your form.

<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>

or you could just disable the csrf if u dont need it.

Fancy
  • 135
  • 12