Spring boot rest endpoint (POST)

Hi,
I would like to have rest endpoints available under /api/** url. I already configured spring security to ignore /api/** route (for now), but when I create @RestController with @PostMapping - call to this endpoint is highjacked by vaadin - endpoint itself is never called and I got some html response. When I change this to GET mapping - endpoint is being called normally. I would like to have proper rest like POST / DELETE / PATCH, not just GET mappings. What am I missing?

Did you also configure CSRF token correctly? POST requests are secured by them by default

haha, just found your answer for “Spring RestController gets redirected to Login no matter what I do”, and looks like I forgot to disable csrf :slightly_smiling_face: It’s working now!

Can you show how you disabled csrf? I have a very similar problem where a call back to the endpoint gets redirect to login no matter what. All of the examples to disable csrf don’t seem to have any effect at all.

Can someone post the code here? Neither of these seem to work:

http
.authorizeRequests()
.antMatchers(“/", "/VAADIN/”, “/webhook”).permitAll()
.and()
.httpBasic()
.and()
.formLogin().permitAll()
.and().csrf().disable();

Or just the simpler: http.csrf().disable(); - it’s like I did nothing at all

Are you extending VaadinWebSecurity? It also configures csrf so it may override your disabling

Yes

@secure-leopard is there a way around that? Maybe I am approaching this the wrong way. I am calling an API to do something for me… but, instead of polling to see if it is finished (it takes about 1/3 in time to process as the length of the audio so polling not always the best option… so I give it a REST Endpoint as a Webhook that it will post back to. When it tries to post back to that it does the 302 and redirect to login. But, is it possible to create a public API where users won’t have to be logged in? It’s computer to computer so no login.