Disable CSRF while using OAuth 2 in Spring Boot

Many examples on the internet just say to call `http.csrf().disable()`, but doing only that ends up disabling all authentication (it causes the AuthenticationPrincipal to always be null).

Here is how to disable CSRF protection for a REST service when using Spring Boot without disabling all authentication.

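```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Overriding configure(HttpSecurity) replaces the defaults, so the
        // authorization rule and the OAuth 2 login are declared explicitly
        // alongside csrf().disable().
        http.authorizeRequests().anyRequest().authenticated()
            .and().oauth2Login()
            .and().csrf().disable();
    }
}
```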
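
`oauth2Login()` keeps the authenticated user in a cookie-backed HTTP session, so with CSRF disabled every state-changing endpoint accepts cross-site requests that carry that cookie. The following is an added example, not part of the original gist: an alternative configuration for the same Spring Security 5.x setup that keeps CSRF protection on in a form a JavaScript REST client can satisfy. The class name is an assumption, and it is meant to be used instead of the configuration above, not next to it.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;

// Added example: class name is hypothetical, not from the original gist.
@Configuration
@EnableWebSecurity
public class CsrfEnabledSecurityConfiguration extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().anyRequest().authenticated()
            .and().oauth2Login()
            .and().csrf()
                // Store the CSRF token in the XSRF-TOKEN cookie instead of the
                // session. withHttpOnlyFalse() lets same-origin JavaScript read
                // the cookie and send the value back in the X-XSRF-TOKEN header
                // on POST/PUT/PATCH/DELETE requests. A page on another origin
                // cannot read the cookie, so it cannot supply the header.
                .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
    }
}
```

Requests that change state without a matching `X-XSRF-TOKEN` header are rejected with 403, while the session created by `oauth2Login()` continues to work as before.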