In the current version of Spring Boot (v2.1.0.RELEASE), the easiest way to get rid of the security issues is to add “WebSecurityConfig.java” to your project as follows:
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@EnableWebSecurity
@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable();
}
}
Note of course that this removes protection against cross-site request forgery, so this is really only appropriate for simple read-only endpoints.