You need to ensure you are using the @EnableWebMvcSecurity
annotation instead of the @EnableWebSecurity
annotation as described in Hello Spring MVC Security Java Config. The reason adding the new annotation was to resolve SEC-2436. You will notice that SEC-2463 was added to better document this within the CSRF part of the reference.
Upgrading Spring Security to 3.2.0.RELEASE no longer provides CSRF token in Spring taglib
-
29-09-2022 - |
Question
My project was using Spring Security 3.2.0.RC2 and my JSP's used the Spring taglib's form:form tag to automatically insert the CSRF token into my forms.
After upgrading to Spring Security 3.2.0.RELEASE, I'm finding that the form:form tag no longer automatically inserts the CSRF token into my form, and that I now must manually add it via placing this in my form: <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>
Has anyone else encountered the same issue? If so, what did you do for a workaround? Thanks.
Solution
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow