I am trying to test my webhookController for data, approvals and to make account in database set to active. My problem is when I make trial subscriptions I get a 302 error (redirect). I have setup google Oauth and Spring security which I believe is blocking it. I have edited my SecurityConfig with the below snippet but it is not working. How can I get around this?

@Bean @Order(1) public SecurityFilterChain stripeWebhookChain(HttpSecurity http) throws Exception { http .securityMatcher("/stripe/webhook") .csrf(cs2 -> cs2.disable()) .authorizeHttpRequests(auth -> auth.anyRequest().permitAll()); return http.build(); }

Alicia's user avatar

2

302 means Spring Security is redirecting Stripe to OAuth login.
Your securityMatcher("/stripe/webhook") likely isn’t matching, so the request falls into the authenticated chain.

Just permit the endpoint in your main config:

http.csrf(csrf -> csrf.ignoringRequestMatchers("/stripe/webhook")) .authorizeHttpRequests(auth -> auth .requestMatchers("/stripe/webhook").permitAll() .anyRequest().authenticated());

Tuhin Shaikh's user avatar

1 Comment

I tried that and it didn't work. My security is stubborn. What do you recommend?

2026-02-20T17:06:09.053Z+00:00

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.