对我来说,没有生成CSRF令牌....我搜索了许多链接仍然没有找到解决方案
获取此错误
无效的CSRF令牌' null'在请求参数' _csrf'上找到 或标题' X-CSRF-TOKEN'。
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
<c:url value="/j_spring_security_check" var="postUrl"/>
<form action="${postUrl}" method="post" >
<c:if test="${param.error != null}">
<p>Invalid username and password.</p>
</c:if>
<c:if test="${param.logout != null}">
<p>You have been logged out.</p>
</c:if>
<p>
<label for="username">Username</label>
<input type="text"
id="username" name="username" />
</p>
<p>
<label for="password">Password</label> <input type="password"
id="password" name="password" />
</p>
<input type="text"
name="${_csrf.parameterName}"
value="${_csrf.token}" />
<button type="submit" class="btn">Log in</button>
</form>
</body>
</html>
在pom.xml中
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>4.0.1.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.0.1.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.0.1.RELEASE</version>
</dependency>
答案 0 :(得分:0)
对我来说,我得到了同样的错误,问题是我在web.xml中缺少以下配置,
<!-- Spring Security Filter -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
答案 1 :(得分:0)
就我而言,只需在web.xml中启用CSRF标记,它就可以为我工作。