Allow get-request but not post-request (Spring Security)

Question

I try to configure Spring Security. I have follow configuration:

@Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .csrf().disable()
                .authorizeRequests()
                    .antMatchers("/auth**").permitAll()
                .and()
                .authorizeRequests()
                    .antMatchers("/**").authenticated()
                    .anyRequest().permitAll()
                .and()
                    .httpBasic()
                .and()
                    .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
                    .userDetailsService(userDetailsService());
    }

I can send get-request to link started with "/auth", but can't send post-request without authentication. If I remove follow code everything is ok:

.authorizeRequests()
.antMatchers("/**").authenticated()
.anyRequest().permitAll()

But I need authenticate on any page, except "/auth**"

Answer 1

A very late answer, but like most I hate coming to questions with no answers. I think you are asking how do prevent authentication to /auth**.

You should override the other config method:

@Override
public void configure(WebSecurity web) throws Exception {
    web.ignoring().antMatchers(HttpMethod.POST, "/auth/**");
}

This will not perform any authentication for that URL. In other words it's a public URL whereby people can post a reminder password request for example.