I have configured a custom Filter that grants a Spring authority for every URL other than /login:
public class TokenFilter impleme
I have the same issue as you: every request is blocked by a 403 error, except the [/] request. After a lot of time going crazy, I found the root cause, which is the [csrf].
My security config is then as follows:
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .antMatchers("/delete/**").authenticated()
            .and().httpBasic()
            .and().csrf().disable();
    }
This configuration says that only [delete/**] should be authorized.
And I mark the [delete] action as follows:
    @PreAuthorize("hasRole('ROLE_ADMIN')")
    void delete(String id);
Hope this helps someone.
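
An alternative to the configuration in the answer above, as an added example that is not part of the original post: it keeps the same rules but leaves CSRF protection enabled and issues the token in a cookie, so clients that echo the token stop receiving 403 on state-changing requests. The class name `CsrfEnabledSecurityConfig` and the choice of `CookieCsrfTokenRepository` are assumptions; the code targets the same `WebSecurityConfigurerAdapter` API the answer uses.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;

// Hypothetical class name, used only for this illustration.
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true) // needed for @PreAuthorize to be enforced
public class CsrfEnabledSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                // Same rule as the answer: /delete/** requires an authenticated user.
                .antMatchers("/delete/**").authenticated()
                .and()
            .httpBasic()
                .and()
            // CSRF protection stays on. State-changing requests (POST, PUT,
            // DELETE, PATCH) without a valid token are rejected with 403;
            // GET, HEAD, OPTIONS and TRACE are not checked by default.
            .csrf()
                // The token is issued in the XSRF-TOKEN cookie, readable by
                // client-side script, and must be sent back in the
                // X-XSRF-TOKEN request header.
                .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
    }
}
```

Disabling CSRF, as in the answer, is generally reserved for services that never authenticate through browser-managed credentials such as session cookies; HTTP Basic credentials cached by a browser are sent automatically, which is why this variant keeps the check.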