How to create feature toggling when spring security is enabled on ff4j?


I did the following steps and I don't understand why I did not succeed on the last one:

  1. clone this repository
  2. start spring boot app
  3. browse to http://localhost:5002/ff4j-web-console/features
  4. login with user/user (also tried admin/admin and superuser/superuser)
  5. try to create new feature but got a 403 error message

I want to have the console (+api) protected by basic authentication, but I want to be able to do anything when I'm logged in. How can I achieve this? Am I missing something about how security works between Spring and ff4j?


There are 1 best solutions below

clunven On BEST ANSWER

Using Spring Security with Java configuration, CSRF protection is enabled by default. In this context, if you make an Ajax request to a REST endpoint using the POST method, you will get a "CSRF token missing" error.

To fix it, in class SecurityConfig change the configure method to the following. The code has been updated on GitHub as well.

protected void configure(HttpSecurity http) throws Exception {
    // Disable CSRF protection so the console's Ajax POST requests are accepted
    http.csrf().disable()
        .authorizeRequests()
        .anyRequest().authenticated()
        .and().formLogin();
}
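
A narrower variant of the configuration above, as an added example (not from the answer or the ff4j repository): CSRF protection stays on for the rest of the application and only the console path from the URL in the question is exempted, with HTTP Basic enabled alongside the form login. The class name `ScopedCsrfSecurityConfig` is hypothetical, and the example assumes a Spring Security version that still ships `WebSecurityConfigurerAdapter` and an application with no servlet context path.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;

// Hypothetical class name; in the answer's project this logic would live in SecurityConfig.
@Configuration
@EnableWebSecurity
public class ScopedCsrfSecurityConfig extends WebSecurityConfigurerAdapter {

    // Path taken from the console URL in the question; assumes no context path.
    private static final String CONSOLE_PATH = "/ff4j-web-console/**";

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .csrf()
                // Token is exposed in the XSRF-TOKEN cookie; a cooperating client
                // echoes it back in the X-XSRF-TOKEN header on POST/PUT/DELETE.
                .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
                // Exempt only the console, instead of csrf().disable() for the
                // whole application. Requests under this path are still not
                // CSRF-protected, so the exemption is limited to this one prefix.
                .ignoringAntMatchers(CONSOLE_PATH)
                .and()
            .authorizeRequests()
                // Every request, console included, requires an authenticated user.
                .anyRequest().authenticated()
                .and()
            // Browser login page for the console.
            .formLogin()
                .and()
            // HTTP Basic for non-browser clients, as asked for in the question.
            .httpBasic();
    }
}
```

With this configuration a POST outside the console path without a valid token is still rejected with 403, while console requests behave as they do with the answer's `csrf().disable()`.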