spring security 403 error

Question

I\'m trying to secure my website using Spring security following the guides on the web. So on my server side the WebSecurityConfigurerAdapter and controller looks like this<

Answer 1

The issue may be related to CSRF or CORS Security Protection.

• FOR CSRF: You can disable it if the application users did not use it from browsers.
• For CORS: You can specify the origin and allow HTTP Methods.

The below code disable CSRF and allow all origins and HTTP methods. so be aware when using it.

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter  implements WebMvcConfigurer {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable();
    }

    @Override
    public void addCorsMappings(CorsRegistry registry) {
        registry.addMapping("/**").allowedMethods("*");
    }

}