@jbaranski
Created August 1, 2020 14:42
Disable CSRF while using OAuth 2 in Spring Boot

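Many examples on the internet just say to call http.csrf().disable(), but on its own this ends up disabling all authentication (the AuthenticationPrincipal is always null). Overriding configure(HttpSecurity) replaces the default configuration, so the authorization rule and the login mechanism have to be declared alongside the CSRF setting.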

Here is how to disable CSRF protection for a REST service when using Spring Boot without disabling all authentication.

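```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Require an authenticated user for every request and keep OAuth 2 login,
        // then turn off CSRF protection.
        http.authorizeRequests().anyRequest().authenticated()
            .and().oauth2Login()
            .and().csrf().disable();
    }
}
```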
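
An added example, not part of the original gist: the same setup written as a SecurityFilterChain bean (WebSecurityConfigurerAdapter was removed in Spring Security 6), with the CSRF exemption limited to the REST paths instead of switched off globally, since oauth2Login() keeps the user signed in through a session cookie. The class name and the /api/** pattern are assumptions.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class ScopedCsrfSecurityConfiguration {

    // Assumption: the REST endpoints live under /api/**; adjust to the real paths.
    private static final String REST_PATHS = "/api/**";

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
            // Declaring this bean replaces Spring Boot's default chain, so the
            // authorization rule and the login mechanism are stated explicitly.
            .authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
            .oauth2Login(Customizer.withDefaults())
            // Skip CSRF token checks only for the REST paths; every other
            // state-changing request still needs a valid token.
            // csrf.disable() here would instead turn the check off everywhere,
            // as the configuration above does.
            .csrf(csrf -> csrf.ignoringRequestMatchers(REST_PATHS));
        return http.build();
    }
}
```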