Spring Cloud Openfeign feign client call basic auth protected POST endpoint failed.

cloud Finchley.SR2 boot 2.0.5

i have a client and a basic auth protected service. the client can access GET endpoint, but when access POST endpoint feign throws:

feign.FeignException: status 401 reading Client#postHandlerWithoutParam()
    at feign.FeignException.errorStatus(FeignException.java:60) ~[feign-core-9.7.0.jar:na]
    at feign.codec.ErrorDecoder$Default.decode(ErrorDecoder.java:89) ~[feign-core-9.7.0.jar:na]
    at feign.SynchronousMethodHandler.executeAndDecode(SynchronousMethodHandler.java:143) ~[feign-core-9.7.0.jar:na]
    at feign.SynchronousMethodHandler.invoke(SynchronousMethodHandler.java:77) ~[feign-core-9.7.0.jar:na]
    at feign.ReflectiveFeign$FeignInvocationHandler.invoke(ReflectiveFeign.java:102) ~[feign-core-9.7.0.jar:na]
    at com.sun.proxy.$Proxy73.postHandlerWithoutParam(Unknown Source) ~[na:na]
    at com.ymmihw.ClientController.post(ClientController.java:21) ~[classes/:na]
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_181]

moreover, access the GET endpoint with param also failed with same exception.

thank you for help.

the code samples are available over on Github.

Comment From: ryanjbaxter

If you just make a POST request to the service app without feign (just using curl for example) it also fails with a 401 so I dont think it has anything to do with feign. You spring security config probably needs to be adjusted

Comment From: ymmihw

thanks for reply.

my client runs on 8080, and service on 9090. client use feign and basic auth interceptor call service endpoint.

if i make a GET request to client, the behavior is correct. but POST request or GET request with param is not.

maybe i missunderstand some concept of feign.

thanks

Comment From: ymmihw

spring securiy enables csrf protection, i will try to disable it.

Comment From: vjaybhas1

Was that issue resolved after disabling the CSRF protection?. I am also getting the same exception while calling REST API using feign client.

Comment From: ymmihw

Was that issue resolved after disabling the CSRF protection?. I am also getting the same exception while calling REST API using feign client.

yes.

CSRF protection may cause this issue

Comment From: urielnat

how to disable the CSRF protection?

Comment From: vjaybhas1

how to disable the CSRF protection?

write the below line in your configuration class. http.csrf().disable();

Comment From: la3rence

even I've disabled the csrf protection, this problem also happened...

Comment From: pratikdandavate

Is there any yml configuration to pass headers to FeignClient so that no manual configuration is needed?

Comment From: la3rence

Here's my solution. It's not safe but it worked:

@Configuration
public class WebMvcConfiguration implements WebMvcConfigurer {

    @Configuration
    public static class ApiWebSecurityConfiguration extends WebSecurityConfigurerAdapter {
        @Override
        public void configure(WebSecurity web) throws Exception {
            web.ignoring().antMatchers(
                    "/yourfeign/api",
                    "/otherfeign/noneedtoauth"
            );
        }
    }