Piotr Zakrzewski

Reputation: 3891

Grails HttpSecurity - allowing POST

I have a rather simple security config in my Grails 3.0.3 application:

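import org.springframework.context.annotation.Configuration
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter

@Configuration
@EnableWebSecurity
class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // URL rules: /admin/** needs ADMIN, everything else needs USER or ADMIN
        http
            .authorizeRequests()
                .antMatchers('/admin/**').hasAnyRole('ADMIN')
                .antMatchers('/**').hasAnyRole('USER', 'ADMIN')
                //.antMatchers('/').permitAll()
                .and()
            .formLogin().permitAll()
                .and()
            .logout().permitAll()

        // Turns off the X-Frame-Options response header
        http.headers().frameOptions().disable()

        // Turns off CSRF token checking for state-changing requests
        http.csrf().disable()
    }
}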

I also have some domain classes which use the @Resource annotation:

@Resource(uri="/myresource",formats=['json'])

When I turn off authentication for /** path - everything works fine. But when I leave authentication for /** on, so including /myresource, it no longer accepts POST requests. It returns 405 method not allowed then. How can I allow POST requests using HttpSecurity in Grails 3?

UPDATE 1: GET requests are allowed for authenticated users

Upvotes: 0

Views: 437

Answers (1)

Serge Borzikh

Reputation: 11

I've just run into the same problem. There are two ways to solve it:

  1. Disable CSRF protection via HttpSecurity: http.csrf().disable() in the configure method.

  2. Add a CSRF token to your JSON. You can read more about this at this link.

Upvotes: 1
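Option 2 from the answer above, as an added example (not code from the question or the answer): the question's configuration, trimmed to the CSRF-relevant parts, with CSRF protection left enabled and the token exposed to JSON clients in response headers. `CsrfTokenHeaderFilter` and the two response header names are hypothetical; it assumes a Spring Security version that ships `CsrfFilter` and the `javax.servlet` API.

```groovy
import javax.servlet.FilterChain
import javax.servlet.http.HttpServletRequest
import javax.servlet.http.HttpServletResponse

import org.springframework.context.annotation.Configuration
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
import org.springframework.security.web.csrf.CsrfFilter
import org.springframework.security.web.csrf.CsrfToken
import org.springframework.web.filter.OncePerRequestFilter

// Hypothetical helper: copies the token that CsrfFilter stored on the request
// into response headers, so a same-origin JSON client can read it from any GET.
class CsrfTokenHeaderFilter extends OncePerRequestFilter {
    @Override
    protected void doFilterInternal(HttpServletRequest request,
                                    HttpServletResponse response,
                                    FilterChain chain) {
        CsrfToken token = (CsrfToken) request.getAttribute(CsrfToken.class.name)
        if (token != null) {
            response.setHeader('X-CSRF-HEADER', token.headerName) // header the client must send back
            response.setHeader('X-CSRF-TOKEN', token.token)       // value for that header
        }
        chain.doFilter(request, response)
    }
}

@Configuration
@EnableWebSecurity
class SecurityConfiguration extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .antMatchers('/admin/**').hasAnyRole('ADMIN')
                .antMatchers('/**').hasAnyRole('USER', 'ADMIN')
                .and()
            .formLogin().permitAll()
                .and()
            .logout().permitAll()
        // No http.csrf().disable(): POST, PUT and DELETE now require the token.
        http.addFilterAfter(new CsrfTokenHeaderFilter(), CsrfFilter)
    }
}
```

The client reads `X-CSRF-TOKEN` from an authenticated GET and sends that value in the header named by `X-CSRF-HEADER` on each POST to /myresource. With CSRF protection enabled, logout also has to be sent as a POST carrying the token.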
