将Spring Security升级到3.2.0.RELEASE不再在Spring taglib中提供CSRF令牌 [英] Upgrading Spring Security to 3.2.0.RELEASE no longer provides CSRF token in Spring taglib
问题描述
我的项目使用的是Spring Security 3.2.0.RC2,而我的JSP使用的是Spring taglib的form:form标签,将CSRF令牌自动插入到我的表单中。
My project was using Spring Security 3.2.0.RC2 and my JSP's used the Spring taglib's form:form tag to automatically insert the CSRF token into my forms.
升级到Spring Security 3.2.0.RELEASE之后,我发现form:form标记不再自动将CSRF令牌插入到我的表单中,现在我必须通过将其放入我的表单中来手动添加它:
< input type = hidden name = $ {_ csrf.parameterName} value = $ {_ csrf.token} />
After upgrading to Spring Security 3.2.0.RELEASE, I'm finding that the form:form tag no longer automatically inserts the CSRF token into my form, and that I now must manually add it via placing this in my form: <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>
还有其他人吗遇到同样的问题?如果是这样,您如何解决?谢谢。
Has anyone else encountered the same issue? If so, what did you do for a workaround? Thanks.
推荐答案
您需要确保使用的是 @EnableWebMvcSecurity
注释,而不是
You need to ensure you are using the @EnableWebMvcSecurity
annotation instead of the @EnableWebSecurity
annotation as described in Hello Spring MVC Security Java Config. The reason adding the new annotation was to resolve SEC-2436. You will notice that SEC-2463 was added to better document this within the CSRF part of the reference.
这篇关于将Spring Security升级到3.2.0.RELEASE不再在Spring taglib中提供CSRF令牌的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!