Spring mvc 服务器中启用csrf保护时httpinvoker不工作

Spring mvc 服务器中启用csrf保护时httpinvoker不工作,spring-mvc,spring-security,csrf,spring-remoting,httpinvoker,Spring Mvc,Spring Security,Csrf,Spring Remoting,Httpinvoker,我有两个使用spring安全性保护的spring web应用程序。这两个应用程序通过SpringHttpInovoker相互通信。访问控制工作正常。但当我在spring中启用标记httpinvoker下的安全性时,返回403状态。Stacktrace如下所示。但同样的代码在没有csrf保护的情况下成功运行。请帮忙 org.springframework.remoting.RemoteAccessException: Could not access HTTP invoker remote ser

我有两个使用spring安全性保护的spring web应用程序。这两个应用程序通过SpringHttpInovoker相互通信。访问控制工作正常。但当我在spring中启用标记httpinvoker下的安全性时,返回403状态。Stacktrace如下所示。但同样的代码在没有csrf保护的情况下成功运行。请帮忙

org.springframework.remoting.RemoteAccessException: Could not access HTTP invoker remote service at [http://172.28.1.162:6060/ReporterRepository/ExposedLinkService.http]; nested exception is java.io.IOException: Did not receive successful HTTP response: status code = 403, status message = [Forbidden]
Spring安全xml:


我认为这里的关键是为HttpInvoker URL创建单独的配置:

<http auto-config="true">
    <intercept-url pattern="/home**" access="ROLE_ADMIN,ROLE_USER" />
            <intercept-url pattern="/admin**" access="ROLE_ADMIN" />
    <form-login 
        login-page="/loginuser" 
        default-target-url="/home" 
        authentication-failure-url="/loginuser?error" 
        username-parameter="username"
        password-parameter="password" />
    <logout logout-success-url="/loginuser?logout"  />
    <!-- enable csrf protection -->
    <csrf/>
</http>

<authentication-manager erase-credentials="false">
    <authentication-provider user-service-ref="myUserDetailsService" > 
    </authentication-provider>
</authentication-manager>
HttpInvokerProxyFactoryBean HttpinvokerFactory = new HttpInvokerProxyFactoryBean();
HttpinvokerFactory.setServiceInterface(ExposedLinkServiceInterface.class);
HttpinvokerFactory.setServiceUrl(ServiceUrl);
HttpinvokerFactory.setHttpInvokerRequestExecutor(( HttpInvokerRequestExecutor)ServerFramework.getInstance().getBean("httpInvokerRequestExecutor"));//Return the bean httpInvokerRequestExecutor
HttpinvokerFactory.afterPropertiesSet();

ExposedLinkServiceInterface exposedservice = (ExposedLinkServiceInterface) HttpinvokerFactory.getObject();                
List AvailabaleLinks= exposedservice.retrieveAllLinks();