POST request Full authentication is required to access this resource


Using spring security with jwt.

My spring security config:

public class SecurityConfig extends WebSecurityConfigurerAdapter {

    private final JwtFilter jwtFilter;

    private final exceptionHandler exceptionHandler;

    protected void configure(HttpSecurity http) throws Exception {
                .addFilterBefore(jwtFilter, FilterSecurityInterceptor.class)

When I send GET Request everything is fine. But when I send POST: Full authentication is required to access this resource

If i add .csrf().disable() it will help, but i don’t understand how it works. Why is Get request OK but post without .csrf().disable() throwing an exception?

Can i pass POST requests without .csrf().disable() part?


To protect MVC applications, Spring adds a CSRF token to each generated view. This token must be submitted to the server on every HTTP request that modifies state (PATCH, POST, PUT and DELETE — not GET).

This protects our application against CSRF attacks since an attacker can’t get this token from their own page.

for more information:

Answered By – Pirooz Azar Abad

This Answer collected from stackoverflow, is licensed under cc by-sa 2.5 , cc by-sa 3.0 and cc by-sa 4.0

Leave a Reply

(*) Required, Your email will not be published