I have 3 API endpoints all having GET, POST & DELETE functions, 3 are secured using spring boot security,

  1. /api/travel
  2. /api/employees
  3. /api/assoc

I want /api/employees’s POST to be publicly accessible, because it’s my Sign-up logic as obviously the user doesn’t have to sign in to sign up.

Below is the Config file’s filter snipppet thats not working:

public SecurityFilterChain securityFilterChain(HttpSecurity security) throws Exception{
        return security.csrf(csrf->csrf.disable())
                .authorizeHttpRequests(authorize -> authorize
                        .requestMatchers(HttpMethod.POST, "/api/employees").permitAll()


I tried POSTing the body as Json in Postman to /api/employees with no authorisation header, but it is giving me 401 unauthorised.

New contributor

Adarsh Gupta is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.