Spring 3.1 MVC，Spring Security 3.1-CSRF令牌 [英] Spring 3.1 MVC, Spring Security 3.1 - CSRF token

问题描述

目前，我正在寻找在Spring MVC和Spring Security表单中包含CRSF令牌的可能性.涵盖这两个(Spring Security + Spring MVC)Servlet并允许呈现和评估CSRF令牌的最简单解决方案是什么?

At the moment I am searching for a possibility to include CRSF tokens in Spring MVC and Spring Security forms. What is the easiest solution that covers both (Spring Security + Spring MVC) servlets and allows to render and evaluate CSRF tokens?

令我惊讶的是，这种基本机制在Springs堆栈中不可用. (我认为这对每个Web应用程序框架都是基本的)

I'm surprised that this basic mechanism is not available in the Springs stack. (which I consider basic for every web application framework)

PS:我看过HDIV，但是也找不到将其与Spring Security一起使用的解决方案. (例如，登录表单由Spring MVC呈现，登录请求由Spring Security处理)

PS: I have looked at HDIV but can't find a solution to use it with Spring Security as well. (e.g. login form gets rendered by Spring MVC and login request gets handled by Spring Security)

推荐答案

Spring 3.1引入了一个名为RequestDataValueProcessor的新接口.使用此界面，您可以轻松地(并且自动-无需更改JSP或控制器！)将CSRF令牌注册到HTTP表单中.您可以在此处中看到详细的示例，该示例也到github上的示例代码(因此您可以从那里获取它并在您的应用程序中使用它).

Spring 3.1 introduced a new interface named RequestDataValueProcessor. Using this interface you can easily (and automatically - without any changes to your JSP or controllers!) register CSRF tokens to HTTP forms. You can see a detailed example in here, it also refers to the sample code on github (so you can just take it from there and use it in your application).

这篇关于Spring 3.1 MVC，Spring Security 3.1-CSRF令牌的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！