Clever Geek Handbook

$ {_ csrf.parameterName} and $ {_ csrf.token} return null

For me, no CSRF token is generated .... I searched a lot of links, haven't found a solution yet

Getting this error

An invalid CSRF token "null" was found in the request parameter "_csrf" or the header "X-CSRF-TOKEN".

<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
    <c:url value="/j_spring_security_check" var="postUrl"/>
    <form action="${postUrl}" method="post" >
        <c:if test="${param.error != null}">     
        <p>Invalid username and password.</p>
        </c:if>
        <c:if test="${param.logout != null}">  
        <p>You have been logged out.</p>
        </c:if>
        <p>
            <label for="username">Username</label>
             <input type="text"
                id="username" name="username" /> 
        </p>
        <p>
            <label for="password">Password</label> <input type="password"
                id="password" name="password" /> 
        </p>


        <input type="text" 
        name="${_csrf.parameterName}"
            value="${_csrf.token}" />

        <button type="submit" class="btn">Log in</button>
    </form>
</body>
</html>

In pom.xml

<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-core</artifactId>
    <version>4.0.1.RELEASE</version>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-config</artifactId>
    <version>4.0.1.RELEASE</version>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-web</artifactId>
    <version>4.0.1.RELEASE</version>
</dependency>
+3


source to share


1 answer


For me, I have the same error and the problem is that I was missing the following configuration in web.xml,



<!-- Spring Security Filter -->
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
0


source






More articles:


All Articles