Many examples on the internet just say to call http.csrf().disable(), but this ends up disabling all authentication (causes the AuthenticationPrincipal to always be null).
Here is how to disable CSRF protection for a REST service when using Spring Boot without disabling all authentication.
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {