
405 Method Not Allowed for POST

I have a very simple Spring Boot application, which is secured by the following code:

http.authorizeRequests()
        .antMatchers("/admin/**").access("hasRole('ROLE_ADMIN')")
        .and()
          .formLogin().loginPage("/login").failureUrl("/login?error")
          .usernameParameter("username").passwordParameter("password")
        .and()
          .logout().logoutSuccessUrl("/login?logout")
        .and()
          .exceptionHandling().accessDeniedPage("/403");

The idea is to secure the "admin" portion. It exposes a REST API. The problem is that all the POSTs return

405 Method Not Allowed

If I remove the security starter from the application, it works. This makes me believe that the security configuration is the problem. But I cannot find out how.

Arash asked Dec 15 '22 10:12


1 Answer

This should be easy.

POST and PUT requests would not be allowed if CSRF is enabled, and Spring Boot enables it by default.

Just add this to your configuration code:

.csrf().disable()

That is:

http
        .csrf().disable()
        .authorizeRequests()
        .antMatchers("/admin/**").access("hasRole('ROLE_ADMIN')")
        .and()
          .formLogin().loginPage("/login").failureUrl("/login?error")
          .usernameParameter("username").passwordParameter("password")
        .and()
          .logout().logoutSuccessUrl("/login?logout")
        .and()
          .exceptionHandling().accessDeniedPage("/403");

Refer to the docs if you need to enable CSRF:

http://docs.spring.io/spring-security/site/docs/4.0.x/reference/htmlsingle/#csrf-configure

Ashwini Rao answered Jan 15 '23 02:01
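
For the case where CSRF protection has to stay on, the same configuration can keep it enabled and publish the token so that clients can send it back with each POST. This is an added example, not part of the original answer; the class name AdminSecurityConfig is hypothetical, and it assumes Spring Security 4.1 or later, where CookieCsrfTokenRepository is available.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;

// Added example: hypothetical class name, assumes Spring Security 4.1+.
@Configuration
@EnableWebSecurity
public class AdminSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // CSRF stays enabled. The token is published in a cookie named
            // XSRF-TOKEN that page scripts can read. Every state-changing
            // request (POST, PUT, DELETE, PATCH) must echo the token in the
            // X-XSRF-TOKEN header or in a _csrf form parameter, otherwise
            // it is rejected before it reaches the controller.
            .csrf()
                .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
            .and()
            .authorizeRequests()
                .antMatchers("/admin/**").access("hasRole('ROLE_ADMIN')")
            .and()
                // A custom login page must submit the _csrf parameter too,
                // because the login POST is checked like any other POST.
                .formLogin().loginPage("/login").failureUrl("/login?error")
                .usernameParameter("username").passwordParameter("password")
            .and()
                // With CSRF enabled, the default /logout endpoint only
                // accepts POST requests that carry the token.
                .logout().logoutSuccessUrl("/login?logout")
            .and()
                .exceptionHandling().accessDeniedPage("/403");
    }
}
```

GET, HEAD, TRACE and OPTIONS requests are not checked for a token, so read-only endpoints keep working without client changes.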