我们正在使用Spring saml实现SSO,在用户被重定向到应用程序后进行身份验证后我们会遇到问题
Invalid CSRF Token 'null' was found on the request parameter '_csrf' or header 'X-CSRF-TOKEN'
以下是我的代码。的login.html
<form class="form" role="form" ng-submit="login($event)">
<div class="form-group">
<label for="username">Login</label>
<input type="text" class="form-control" id="username" placeholder="Your login" ng-model="username">
</div>
<div class="form-group">
<label for="password">Password</label>
<input type="password" class="form-control" id="password" placeholder="Your password"
ng-model="password">
</div>
<div class="form-group">
<label for="rememberMe">
<input type="checkbox" id="rememberMe" ng-model="rememberMe" checked>
<span>Automatic Login</span>
</label>
</div>
<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>
<button type="submit" class="btn btn-primary">Authenticate</button>
</form>
的index.html
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="_csrf_parameter" content="_csrf" />
<meta name="_csrf_header" content="X-CSRF-TOKEN" />
<meta name="_csrf" content="${_csrf.token}" />
Secutityconfig.java
@Bean
public CsrfTokenRepository csrfTokenRepository()
{
HttpSessionCsrfTokenRepository repository = new HttpSessionCsrfTokenRepository();
repository.setSessionAttributeName("_csrf");
return repository;
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf()
.csrfTokenRepository(csrfTokenRepository())
.and()
.addFilterAfter(new CsrfCookieGeneratorFilter(), CsrfFilter.class)
.exceptionHandling()
.authenticationEntryPoint(authenticationEntryPoint)
请指导我做错了什么。
谢谢&amp;问候 马赫什