Spring Security .antMatchers(HttpMethod.POST, "/login").permitAll() is not working

Hello,

I am trying to enable a POST authentication api as per below but all requests are gettig a 401:

@Override
protected void configure(HttpSecurity http) throws Exception {

    http
    .requestCache()
       .requestCache(new NullRequestCache())
       .and()
    .authorizeRequests()
        .antMatchers(HttpMethod.POST, "/login").permitAll()            
        .and()
        .addFilter(getAuthenticationFilter())
    .sessionManagement()
        .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
        .and()
    .csrf().disable();
}

private AuthenticationFilter getAuthenticationFilter() throws Exception {
    final AuthenticationFilter filter = new AuthenticationFilter(authenticationManager(), usersService);
    return filter;
}

I am testing with curl as per below:

$ curl -X POST http://localhost:8083/login -H 'Content-Type: application/json' -H 'cache-control: no-cache' -d '{ "emai l":"test2@test.com", "password":"12345678" }' -v Note: Unnecessary use of -X or --request, POST is already inferred. * Trying ::1:8083... * Connected to localhost (::1) port 8083 (#0)

POST /user HTTP/1.1 Host: localhost:8083 User-Agent: curl/7.69.1 Accept: / Content-Type: application/json cache-control: no-cache Content-Length: 51

• upload completely sent off: 51 out of 51 bytes
• Mark bundle as not supporting multiuse < HTTP/1.1 401 < Set-Cookie: JSESSIONID=F9FB82DD74C4B2741EC0FD095D6C0778; Path=/; HttpOnly < X-Content-Type-Options: nosniff < X-XSS-Protection: 1; mode=block < Cache-Control: no-cache, no-store, max-age=0, must-revalidate < Pragma: no-cache < Expires: 0 < X-Frame-Options: DENY < WWW-Authenticate: Basic realm="Realm" < Content-Length: 0 < Date: Tue, 31 Mar 2020 12:17:10 GMT <
• Connection #0 to host localhost left intact

Am I missing something?

Comment From: rwinch

Thanks for getting in touch, but it feels like this is a question that would be better suited to Stack Overflow. As mentioned in the guidelines for contributing, we prefer to use GitHub issues only for bugs and enhancements. Feel free to update this issue with a link to the re-posted question (so that other people can find it) or add some more details if you feel this is a genuine bug.