我在一个基于 Java 的 Web 应用程序中使用 Spring (3.2.5) 和 Spring Security (3.2.3)。最近，我在应用程序中启用了 CSRF 防护。
CSRF 防护在 JSP 中的 HTML 表单以及 jQuery ajax 调用上都能正常工作，但所有 DWR 调用都返回 403 (Forbidden) 错误，因为请求中没有传递 CSRF 令牌。
注意：在未启用 CSRF 防护时，DWR 调用工作正常。
我该如何解决这个问题？
以下是我的配置文件。
security-config.xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- security-config.xml: Spring Security filter chain for the web application.
     Declares URL access rules, form login/logout and CSRF protection. -->
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
<!-- auto-config="true" layers Spring Security's default login/logout/basic-auth setup on top of the explicit
     elements below; use-expressions="true" makes the access attributes SpEL (permitAll, hasAnyRole). -->
<security:http auto-config="true" access-denied-page="/accessdenied.html" use-expressions="true">
<!-- Unauthenticated paths: static resources plus the login and error pages. -->
<security:intercept-url pattern="/resources/**" access="permitAll" />
<security:intercept-url pattern="/login.html*" access="permitAll" />
<security:intercept-url pattern="/dmlexception.html*" access="permitAll" />
<security:intercept-url pattern="/error.html*" access="permitAll" />
<!-- Only /exam/** carries a role restriction. NOTE(review): no rule here covers the DWR endpoint or /admin/**
     (the post-login target below); confirm whether those are meant to be reachable without a role check. -->
<security:intercept-url pattern="/exam/**" access="hasAnyRole('ROLE_USER', 'ROLE_ADMIN')"/>
<!-- Form login; successful logins land under /admin. -->
<security:form-login login-page="/login.html" login-processing-url="/j_spring_security_check"
default-target-url="/admin/home.html?type=180180" authentication-failure-url="/login.html?login_error=1" />
<!-- Logout also invalidates the HTTP session. -->
<security:logout invalidate-session="true" logout-success-url="/login.html" logout-url="/j_spring_security_logout" />
<!-- Enables CSRF protection for every non-safe request (POST etc.) handled by this chain. That includes DWR's
     XHR calls to the DWR controller: the DWR client does not send Spring's token (by default the X-CSRF-TOKEN
     header or the _csrf parameter), so those calls are rejected with 403. The token therefore has to be attached
     to the DWR requests as well; exempting the DWR URL through request-matcher-ref is the weaker option, because
     it leaves those calls without CSRF protection. -->
<security:csrf/>
</security:http>
</beans>
dwrServices.xml
<!-- dwrServices.xml: exports Spring beans to JavaScript through DWR.
     NOTE(review): this file has no XML declaration and pins the beans schema to 3.0, while security-config.xml
     uses the unversioned spring-beans.xsd; harmless, but worth aligning. -->
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:aop="http://www.springframework.org/schema/aop"
xmlns:dwr="http://www.directwebremoting.org/schema/spring-dwr"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.2.xsd
http://www.directwebremoting.org/schema/spring-dwr http://www.directwebremoting.org/schema/spring-dwr-2.0.xsd">
<!-- DWR front controller. debug="true" enables DWR's debug/test pages for the exported services; keep it off
     outside development. -->
<dwr:controller id="dwrController" debug="true" />
<!-- Remote service: only dwrCategorybyname is exported, under the JavaScript proxy name DwrService. -->
<bean id="DwrService" class="com.x.y.DwrService" >
<dwr:remote javascript="DwrService" >
<dwr:include method="dwrCategorybyname" />
</dwr:remote>
<!-- proxy-target-class="false" requests a JDK interface-based proxy; presumably com.x.y.DwrService implements
     an interface, verify. -->
<aop:scoped-proxy proxy-target-class="false" />
</bean>
</beans>
下面是我调用 DWR 的方式：
// Invokes the remote method exported in dwrServices.xml; the last argument is the DWR result callback.
// DWR issues this as an XHR POST to its controller by default, so with <security:csrf/> enabled the request
// must carry the CSRF token or Spring Security answers 403. DWR 3 can attach custom request headers
// (dwr.engine.setHeaders); confirm against the DWR version in use.
DwrService.dwrCategorybyname(val1,val2, function(data){
....
});