Spring Security permitAll() and CSRF See this link dor the original question this repo was created for.