InvalidCsrfTokenException when submitting a form
I am working on a Spring-based web application (version 4.1.6.RELEASE, Spring Security 4.0.0.RELEASE), and I get the error InvalidCsrfTokenException: Invalid CSRF Token 'null' was found on the request parameter '_csrf' or header 'X-CSRF-TOKEN'. after submitting a form (POST method). According to Spring's documentation, "Spring Security automatically inserts a CSRF form field for any <form:form> tags you use", so why am I getting this exception?
Thanks in advance.
Here is my Spring Security configuration:
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-4.1.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security-4.0.xsd">
    <http use-expressions="true" disable-url-rewriting="true">
        <headers>
            <frame-options/>
            <xss-protection/>
            <hsts/>
        </headers>
        <csrf/>
        <intercept-url pattern="/welcome" access="isAuthenticated()" />
        <!-- some others urls to intercept -->
        <form-login login-page="/login" default-target-url="/welcome"
            authentication-failure-url="/loginfailed" />
        <logout logout-success-url="/logout" />
        <session-management>
            <concurrency-control max-sessions="1" expired-url="/login" />
        </session-management>
    </http>
Here is the definition of my form (excluding the fields it contains):
<form:form action="myaction" method="post" enctype="multipart/form-data" id="formId" modelAttribute="myBean">
</form:form>
Any help would be appreciated.
This problem occurs because you are using a multipart form. See the accepted answer here:
Spring CSRF token does not work, when the request to be sent is a multipart request
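One way to apply the fix that the answer points to, shown as an added example that is not part of the original question or answer: in `web.xml`, map Spring's `MultipartFilter` ahead of `springSecurityFilterChain`, so the `_csrf` part of a `multipart/form-data` body has been parsed by the time the CSRF check reads request parameters. The filter names, the `/*` mappings and the resolver bean shown in the comment are assumptions, since the page does not show this application's `web.xml` or root context.

```xml
<!-- web.xml fragment (added example; names and mappings are assumptions) -->

<!-- Parses multipart/form-data so that the _csrf part becomes an ordinary
     request parameter. By default it looks up a MultipartResolver bean named
     "filterMultipartResolver" in the ROOT application context, for example:
       <bean id="filterMultipartResolver"
             class="org.springframework.web.multipart.commons.CommonsMultipartResolver">
           <property name="maxUploadSize" value="5242880"/>  (constructed limit)
       </bean>
-->
<filter>
    <filter-name>MultipartFilter</filter-name>
    <filter-class>org.springframework.web.multipart.support.MultipartFilter</filter-class>
</filter>

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<!-- Filters run in the order of their filter-mapping elements, so the
     multipart mapping has to come first. -->
<filter-mapping>
    <filter-name>MultipartFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
```

With this ordering the multipart body is parsed before any authentication or authorization check, so an unauthenticated client can make the server buffer an upload; keep a size limit on the resolver for that reason.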