I wrote a service using Basic Authentication and Spring Security. From Postman GET calls work fine, but POST calls fail. Using another client (Advanced REST client) I have no problems with POST.
Upon further research I discovered that the issue is that Spring Security is sending 302 redirects and Postman isn’t handling them for POST calls.
Is this a bug in Postman?
Is there a setting in Postman to make it work? I tried using “Follow original HTTP Method” but it did not cause the call to succeed.
Just as a comment, I like the option to turn off following redirects in Postman, it helped me identify this issue, and I am using it to work on the server code to make it return 401 (instead of 302) after authentication - as it is the preferred best practice.
Thanks in advice for any insight.
Doesn’t affect the issue/resolution, but I discovered that cause for the 302 redirects isn’t the BASIC authentication, it is an automatic redirect when using http:// instead of https://. Spring security sees the http:// and says “no way”, suggesting a redirect to https://. So the issue is much less troubling as a client app would typically be coded to go to the https:// URL.
The other REST client apps handle that redirect automatically for GET and POST, while Postman only handles it automatically for GET. It would be nice if it did (or there was a setting) to enable automatic handling for POST too.