Vaadin with some REST endpoints and security

I have a relatively small Vaadin app which also contains a few REST endpoints. The app is run only in-house and has no critical information on it, but I want security to limit some pages. However, when I put in security, many of the REST endpoints (POST & PUT) stop working and redirect.

The REST endpoints do not need any security as they are machines talking to the app and posting status updates.

I've been told that taking out CSRF disable will work - and it does, but it disables all security also.

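```java
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
    // Turns off CSRF protection for every request.
    // No authorization rules or login are configured on this chain.
    http.csrf(AbstractHttpConfigurer::disable);
    return http.build();
}
```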

(When I do this, the users are not redirected to a logon page and any client can do anything.)

All of the "GET" requests pass through without redirect, however the POST requests redirect.

Is there a way to a) allow all REST endpoints to pass through, or b) have the REST endpoints log on? (I cannot seem to figure out how to log on a REST client 🙁)

You can take a look at this topic: REST API next to Vaadin - #7 by OnDemand

1 Like

Thanks - that gave the solution I needed.

1 Like
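
One way to get option (a) or (b) from the question, as an added example that is not taken from this thread or the linked topic: a second, higher-priority filter chain scoped to the REST paths, so CSRF is disabled only there and the application's existing UI chain keeps its login. It assumes Spring Security 6; the `/api/**` path, the class name and the `app.api.require-basic-auth` property are hypothetical.

```java
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
public class RestApiSecurityConfig {

    // Assumption: every machine-facing endpoint lives under this prefix.
    private static final String API_PATTERN = "/api/**";

    @Bean
    @Order(1) // evaluated before the chain that protects the Vaadin views
    public SecurityFilterChain apiFilterChain(
            HttpSecurity http,
            // Hypothetical property: false = option (a), true = option (b).
            @Value("${app.api.require-basic-auth:false}") boolean requireBasicAuth)
            throws Exception {

        http
            // Only requests matching the pattern use this chain; everything
            // else falls through to the UI chain with its login page.
            .securityMatcher(API_PATTERN)
            // CSRF tokens guard cookie-authenticated browser sessions. These
            // clients are machines without a session, so it is off here only.
            .csrf(AbstractHttpConfigurer::disable)
            .sessionManagement(s ->
                s.sessionCreationPolicy(SessionCreationPolicy.STATELESS));

        if (requireBasicAuth) {
            // Option (b): clients send an Authorization: Basic header on each
            // request. Uses the application's existing user store.
            http.authorizeHttpRequests(a -> a.anyRequest().authenticated())
                .httpBasic(Customizer.withDefaults());
        } else {
            // Option (a): POST and PUT pass through without a redirect.
            // Anything that can reach the port can call these endpoints.
            http.authorizeHttpRequests(a -> a.anyRequest().permitAll());
        }
        return http.build();
    }
}
```

With option (a) the endpoints are reachable by any client on the network, so keep UI views and anything that changes more than status data outside the matched prefix.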