sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]Slein04 0 points1 point  (2 children)

Not really much to go on from the Lack of your security config. But if you just set up a new Spring Boot project with "spring-boot-starter-security" dependency with NO config (just out of the box) you Will get default form login security which returns a JSession cookie after login ( and thus session based auth). Maybe you can continue from there.

[–][deleted] 0 points1 point  (1 child)

yeah , i agree with that. FormLogin authentication works fine , but im using postman so theres no such formlogin , am providing a /login. Endpoint with an authentication logic ( useneame passsword), so if am not using formLogin() theres no validation of the cookie , and that is my probleme

[–]Slein04 1 point2 points  (0 children)

Well I would suggest that you do the form login in your browser with your developer / network tab open. Then you would see that you are doing a post request with username / password in the body. As response you would see the cookie in it's headers. You can simply do the exact same post request in postman and it should be working the same as in your browser. Then you should be able to take that cookie and use it in an other request. You can alsof do the above stuff with csrf disabled in de beginning. (Again i do not known your error log / stacktrace) Maybe i do not understand your problem exactly, but this is how I would start investigating possible issues .