jbaranski/DisableCSRFOAuth2SpringBoot.md

Created August 1, 2020 14:42

Star () You must be signed in to star a gist
Fork () You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/jbaranski/7dad5a7404e85f4ebb2bef00c0d7aed9.js"></script>
Save jbaranski/7dad5a7404e85f4ebb2bef00c0d7aed9 to your computer and use it in GitHub Desktop.

Disable CSRF while using OAuth 2 in Spring Boot

Raw

Many examples on the internet just say to call http.csrf().disable(), but this ends up disabling all authentication (causes the AuthenticationPrincipal to always be null).

Here is how to disable CSRF protection for a REST service when using Spring Boot without disabling all authentication.

@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().anyRequest().authenticated()
            .and().oauth2Login()
            .and().csrf().disable();
    }
}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment