Skip to content

Instantly share code, notes, and snippets.

@jbaranski
Created August 1, 2020 14:42
Show Gist options
  • Save jbaranski/7dad5a7404e85f4ebb2bef00c0d7aed9 to your computer and use it in GitHub Desktop.
Save jbaranski/7dad5a7404e85f4ebb2bef00c0d7aed9 to your computer and use it in GitHub Desktop.
Disable CSRF while using OAuth 2 in Spring Boot

Many examples on the internet just say to call http.csrf().disable(), but this ends up disabling all authentication (causes the AuthenticationPrincipal to always be null).

Here is how to disable CSRF protection for a REST service when using Spring Boot without disabling all authentication.

@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().anyRequest().authenticated()
            .and().oauth2Login()
            .and().csrf().disable();
    }
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment