I'm trying to build a really basic user/role CRUD with Spring Security.
I created 2 types of accounts: admin and user.
After I go to this URL: http://localhost:8080/api/v1/employees, first I get the login and after that I get the result.
The problem starts when I try to connect via Postman. I can't get past the login.
I can't get past the login no matter what. I tried other controllers, but the same thing happens.
Am I doing something wrong? Am I missing a step?
CodePudding user response:
To make a call in Postman, you need to pass proper authorization (token header/cookie) when calling an endpoint. In your current case, Postman either shows you a login page, which is the HTML you see, or an error page because the request is unauthorized.
CodePudding user response:
I had this problem yesterday, it's most likely the same thing.
I disabled csrf in the class that extends WebSecurityConfigurerAdapter to get it to work. If you're moving into production, you should probably leave it enabled.
My WebSecurityConfig class:
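import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // Turns CSRF token checking off for every request.
            .csrf().disable()
            .authorizeRequests()
                // Only the root path is matched here, and it is open to everyone.
                .antMatchers("/").permitAll();
    }
}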
I don't fully understand how the csrf protection works, so there might be issues if you try to log in from a browser. Uncomment out the .csrf().disable() when you want to run it from a browser.
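
An added example, not part of either answer and not the poster's code: a configuration that lets an API client such as Postman authenticate with an Authorization: Basic header while browsers keep the form login and CSRF protection stays enabled. It assumes Spring Security 5.x (where WebSecurityConfigurerAdapter still exists); the class name ApiSecurityConfig, the role names USER and ADMIN, and the /api/v1/** path rules are assumptions built around the question's two account types and URL.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;

// Hypothetical configuration for illustration; role names and paths are assumptions.
@Configuration
@EnableWebSecurity
public class ApiSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                // Reading employees is allowed for both account types.
                .antMatchers(HttpMethod.GET, "/api/v1/employees/**").hasAnyRole("USER", "ADMIN")
                // Every other API call (create, update, delete) requires the admin role.
                .antMatchers("/api/v1/**").hasRole("ADMIN")
                // Nothing is reachable anonymously.
                .anyRequest().authenticated()
                .and()
            // Browser users keep the HTML login page and session cookie.
            .formLogin()
                .and()
            // Requests that carry an "Authorization: Basic ..." header are
            // authenticated directly, without going through the login page.
            .httpBasic()
                .and()
            // CSRF protection stays on. The token is issued in the XSRF-TOKEN
            // cookie (readable by the client because HttpOnly is false), and
            // state-changing requests (POST, PUT, DELETE) must send it back in
            // the X-XSRF-TOKEN header or they are rejected with 403.
            .csrf()
                .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
    }
}
```

With this in place a GET needs only the Basic credentials; for a POST, PUT or DELETE the client first takes the XSRF-TOKEN cookie value from an earlier response and sends it as the X-XSRF-TOKEN header.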