
I did the following steps and I don't understand why I did not succeed on the last one:

  1. clone this repository
  2. start spring boot app
  3. browse to http://localhost:5002/ff4j-web-console/features
  4. login with user/user (also tried admin/admin and superuser/superuser)
  5. try to create new feature but got a 403 error message

I want to have the console (+api) protected by basic authentication, but I want to be able to do anything when I'm logged in. How can I achieve this? Am I missing something about how security works between Spring and ff4j?

louis amoros

1 Answer


When using Spring Security with Java configuration, CSRF protection is enabled by default. In this context, if you make an Ajax request to a REST endpoint using the POST method, you will get a CSRF token missing error.

To fix it, in class SecurityConfig change the configure method to the following. The code has been updated on GitHub as well.

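```java
@Override
protected void configure(HttpSecurity http) throws Exception {
    // Disable CSRF protection so Ajax POST requests are not rejected for a missing token
    http.csrf().disable()
        // Require an authenticated user for every request
        .authorizeRequests()
        .anyRequest().authenticated()
        // Authenticate through the default Spring Security login form
        .and().formLogin();
}
```

clunven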
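An alternative to switching CSRF off, shown as an added example that is not part of the original answer or of the ff4j project: keep the protection enabled and hand the token to the browser in a cookie, with HTTP Basic as the question asked. It assumes the client that issues the Ajax POST can copy the `XSRF-TOKEN` cookie value into an `X-XSRF-TOKEN` request header; the page does not say whether the ff4j console does this.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;

// Added example: same adapter-style configuration as the answer, with CSRF left on.
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // Store the CSRF token in a cookie named XSRF-TOKEN that page script
            // can read (HttpOnly=false). On POST/PUT/PATCH/DELETE Spring Security
            // expects the same value back in the X-XSRF-TOKEN header or in the
            // _csrf request parameter; otherwise it answers 403.
            .csrf()
                .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
            .and()
            // Every request needs an authenticated user, as in the answer.
            .authorizeRequests()
                .anyRequest().authenticated()
            .and()
            // HTTP Basic instead of the form login, matching the question's goal.
            .httpBasic();
    }
}
```

The browser replays Basic credentials and session cookies automatically on cross-site requests, which is why the token check still matters for state-changing calls made from a logged-in browser.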