0

I want to secure a REST service for personal use and used as a backed for an Angular app using method to method security like this.

    @PreAuthorize("hasPermission(#id, 'Player', 'expenseReport.allowed')")
    @GetMapping(value = "editplayer")
    @CrossOrigin(origins = crossorg)
    public Player getEditPlayerAuthorize(@RequestParam Long id){
        return fetcher.fetchPlayer(id);
    }

The @CrossOrigin annotation works perfectly where, but when I try the same on a POST request it fails because of CORS:

    @PostMapping(value = "login", produces = "application/json")
    @CrossOrigin(origins = crossorg)
    public Login attemptLogin(@RequestBody Login payload) {        
        return handler.attemptLogin(payload);
    }

So I guess Spring Boot security is somehow interfering in this, but I see no solution why this should affect only POST requests? They worked fine before I added Spring Boot Security.

NorwegianDeveloper005
  • 31
  • 1
  • 7

1 Answers1

1

  1. Add the proper url for @CrossOrigin? (For eg. localhost url of front end).

  2. default enabled csrf may have to be disabled.

refer this How to Solve 403 Error in Spring Boot Post Request

Request Experts to help resolve this.

Naveen Chikkamath
  • 11
  • 1
  • One the one hand, your comment did not solve my situation, BUT i solved that situation myself, but when I had there was a new problem, that your comment fixed. I had disabled by accident, so thank you very much. – NorwegianDeveloper005 Jun 25 '22 at 16:13
  • Welcome. I too was getting 403 error for Post requests. I added this and resolved the issue. Hope this may help someone who face the same issue. @Override protected void configure(HttpSecurity http) throws Exception{ http.cors().and().csrf().disable(); } – Naveen Chikkamath Jun 26 '22 at 05:55