401 Unauthorized on POST endpoint in Spring Boot (MVC) application

ashishrky · March 30, 2023, 8:16am

Hi, I am using Spring Boot 3 and Spring Security 6 and following the sample auth0-spring-security5-api-sample/01-Authorization-MVC at use-spring-6 · auth0-samples/auth0-spring-security5-api-sample · GitHub. Tutorial works well until try with GET endpoints. But the moment I built a POST endpoint and call it, I get 401 Unauthorized error in postman even though this is configured to be permitted in SecurityConfig.java. Here is the link to my code changes POST Endpoint to test · ashishrky/auth0-spring-security5-api-sample@8bf9866 · GitHub. What’s wrong? Why GET call work just fine, but POST call get 401?

konrad.sopala · March 30, 2023, 10:59am

Hey there!

In order to handle that most effectively can I ask you to raise it as a GitHub issue here in the repo so we can discuss that directly with the repo maintainers? Once you have a link to it you can share it here so we can ping them. Thank you!

ashishrky · March 30, 2023, 2:20pm

Hi @konrad.sopala, I have opened a github issue at… 401 Unauthorized on POST endpoint in Spring Boot (MVC) application · Issue #26 · auth0-samples/auth0-spring-security5-api-sample · GitHub. Thanks

konrad.sopala · March 30, 2023, 2:21pm

Perfect! I’ll ping the repo maintainers in a few minutes!

ashishrky · April 11, 2023, 4:40am

Hi @konrad.sopala, did you reach out to repo maintainers? I do not see any update on this issue. This issue is blocking usage of auth0 in my project. Can you please help? Thanks.

dawid.matuszczyk · May 16, 2024, 5:47pm

Reposting solution from the team shared in the github issue:

If you turn up the logging for Spring Security in application.yml:

logging: level: org.springframework.security.web: DEBUG

You’ll see the error when you try to do a POST:

2023-04-20T10:24:21.166-06:00 DEBUG 15786 --- [nio-3010-exec-1] o.s.security.web.FilterChainProxy        : Securing POST /api/public/post
2023-04-20T10:24:21.184-06:00 DEBUG 15786 --- [nio-3010-exec-1] o.s.security.web.csrf.CsrfFilter         : Invalid CSRF token found for http://localhost:3010/api/public/post
2023-04-20T10:24:21.184-06:00 DEBUG 15786 --- [nio-3010-exec-1] o.s.s.w.access.AccessDeniedHandlerImpl   : Responding with 403 status code
2023-04-20T10:24:21.186-06:00 DEBUG 15786 --- [nio-3010-exec-1] o.s.security.web.FilterChainProxy        : Securing POST /error
2023-04-20T10:24:21.189-06:00 DEBUG 15786 --- [nio-3010-exec-1] o.s.s.w.a.AnonymousAuthenticationFilter  : Set SecurityContextHolder to anonymous SecurityContext

If you disable CSRF in SecurityConfig.java, everything will work:

http.csrf().disable();

Here’s proof:

system · May 30, 2024, 5:47pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Spring Auth0 getting "401 unauthorized" Help token , api , spring	4	9992	August 9, 2019
Getting 401s all of the sudden with Spring MVC JPA Help spring , java , quickstart , spring-boot	3	5210	August 30, 2019
Intermittent 401 unauthorized response Help authorization	1	4272	March 2, 2018
Angular app sending authorized request to spring boot rest api, but im getting 401 code Help angular , jwt , auth0 , spring-boot , spring-security	2	13347	September 2, 2019
auth0-spring-security-api-sample not working Help auth0-api-sample	2	4874	March 2, 2018

401 Unauthorized on POST endpoint in Spring Boot (MVC) application

Related Topics