Spring security : configure JWT with formLogin

I am trying to configure a JWT filter with formLogin authentication. (My server serves UI clients (that's why I need formLogin) and I am also exposing a REST endpoint (to be authenticated by JWT).) Currently my JWT is working, but it seems that my roles (anyRole) aren't working.

Here is my configure method. Post login, if I try to reach the /kuku path, I get a 302 and the login page again.

If I remove the addFilterBefore, my roles work fine.

protected void configure(HttpSecurity http) throws Exception {

    http
            .authorizeRequests()
            .antMatchers("/login").permitAll()
            .antMatchers("/").hasRole("ADMIN")
            .antMatchers("/kuku/**").hasRole("ADMIN")
            .anyRequest()
            .authenticated()
            .and()
            .formLogin().defaultSuccessUrl("/inital.html", true);

    // JWT filter runs ahead of the form-login authentication filter
    http.addFilterBefore(new JwtFilter(), UsernamePasswordAuthenticationFilter.class);
}

@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
    String userName = "Admin"; // currently, due to the Vault implementation, this input is hardcoded
    String password = "Admin";
    auth.inMemoryAuthentication()
            .withUser(userName).password(passwordEncoder().encode(password))
            .roles("ADMIN");
}

Try adding csrf().disable() to your configure(http) method. This worked in my case, where I have a similar configuration to yours. However, I suggest searching for whether or not this is secure, because it disables the built-in CSRF protection.
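On the CSRF caveat in the answer above, an added example (not from the original question or answer) that limits the CSRF exemption to the token-authenticated REST paths and leaves it enabled for the session-based form login, using two ordered configurations. The `/api/**` prefix and the class names are assumptions, `JwtFilter` is the question's own class, which the page does not show, and the token is assumed to arrive in a request header rather than a cookie.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

@EnableWebSecurity
public class SplitSecurityConfig {

    // Chain 1: REST endpoints authenticated by JWT. "/api/**" is an assumed prefix.
    @Configuration
    @Order(1)
    public static class RestApiConfig extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.antMatcher("/api/**")
                // Header-borne tokens are not attached automatically by the browser,
                // so CSRF protection is switched off for these paths only.
                .csrf().disable()
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
                .authorizeRequests().anyRequest().authenticated()
                .and()
                // JwtFilter: the question's own filter class (not shown on the page)
                .addFilterBefore(new JwtFilter(), UsernamePasswordAuthenticationFilter.class);
        }
    }

    // Chain 2: browser UI with form login. CSRF protection stays at its default (enabled),
    // because this chain relies on a session cookie.
    @Configuration
    @Order(2)
    public static class FormLoginConfig extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.authorizeRequests()
                    .antMatchers("/login").permitAll()
                    .antMatchers("/", "/kuku/**").hasRole("ADMIN")
                    .anyRequest().authenticated()
                .and()
                .formLogin().defaultSuccessUrl("/inital.html", true);
        }
    }
}
```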
