Upgraded to Spring Security 4, now I can't log in

Tags: spring, spring-security, csrf, spring-security4

I just upgraded to Spring Security 4.2.3.RELEASE and now I can't log in. Specifically, when I log in, submitting these parameters

OWASP_CSRFTOKEN ZLCK-J3VV-OJTK-8GZW-H68V-C8N6-CE6G-U6AQ
j_password aaa
j_username mouser
I get the error

Could not verify the provided CSRF token because your session was not found.
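As you can clearly see from the above, it is right there. Below is my Spring security configuration. What else do I need to check to get this working?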

<beans:bean id="mycoUsernamePasswordUrlAuthenticationFilter"
    class="org.collegeboard.myco.core.security.mycoUsernamePasswordUrlAuthenticationFilter">
    <beans:property name="filterProcessesUrl" value="/j_spring_security_check" />
    <beans:property name="authenticationManager" ref="authenticationManager" />
    <beans:property name="authenticationFailureHandler">
        <beans:bean
            class="org.springframework.security.web.authentication.ExceptionMappingAuthenticationFailureHandler">
            <beans:property name="defaultFailureUrl" value="/login/failure" />
            <beans:property name="exceptionMappings" ref="exceptionMappings" />
        </beans:bean>
    </beans:property>
    <beans:property name="authenticationSuccessHandler">
        <beans:bean
            class="org.collegeboard.myco.security.mycoAuthenticationSuccessHandler">
            <beans:property name="defaultTargetUrl" value="/authenticate" />
            <beans:property name="sessionService" ref="sessionService" />
        </beans:bean>
    </beans:property>
</beans:bean> 

...     
<beans:bean id="loginUrlAuthenticationEntryPoint"
    class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
    <beans:constructor-arg name="loginFormUrl" value="/login" />
</beans:bean>


<http name="defaultSecurity" security-context-repository-ref="mycoSecurityContextRepository"
    auto-config="false" use-expressions="true" authentication-manager-ref="authenticationManager"
    entry-point-ref="loginUrlAuthenticationEntryPoint">
    <!-- <access-denied-handler error-page="/denied"/> -->
    <custom-filter position="FORM_LOGIN_FILTER"
        ref="mycoUsernamePasswordUrlAuthenticationFilter" />
    <intercept-url pattern="/lti/launch" access="permitAll" />
    <intercept-url pattern="/login" access="permitAll" />
    <intercept-url pattern="/status" access="permitAll" />
    <intercept-url pattern="/termsOfUse" access="permitAll" />
    <intercept-url pattern="/privacyPolicy" access="permitAll" />
    <intercept-url pattern="/contactUs" access="permitAll" />
    <intercept-url pattern="/legal" access="permitAll" />
    <intercept-url pattern="/logout" access="permitAll" />
...
    <intercept-url pattern="/dwrsetcookie" access="isFullyAuthenticated()" />
    <intercept-url pattern="/dwrpageid" access="permitAll" />
    <logout invalidate-session="true" logout-success-url="/logout" logout-url="/j_spring_security_logout" />
</http>

<authentication-manager alias="authenticationManager" id="authenticationManager">
    <authentication-provider user-service-ref="sbdUserDetailsService">
        <password-encoder ref="passwordEncoder" />
    </authentication-provider>
</authentication-manager>

...     
...

Try adding the following CSRF input to your login JSP

<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>

Or disable CSRF by adding the following inside the http tag

<csrf disabled="true"/>
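
The following is an added example, not part of the original question or answer. It runs Spring Security's own CsrfFilter over the login POST from the question and then over the same POST carrying the token Spring stored in the session. By default the filter reads only the `_csrf` parameter or the `X-CSRF-TOKEN` header, so `OWASP_CSRFTOKEN` is ignored. It assumes spring-security-web 4.2.x, spring-test and the Servlet API on the classpath; the class name `CsrfLoginCheck` is hypothetical.

```java
// Added example, not from the original thread. Assumes spring-security-web 4.2.x,
// spring-test and the Servlet API on the classpath; CsrfLoginCheck is a made-up name.
import org.springframework.mock.web.MockFilterChain;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.web.csrf.CsrfFilter;
import org.springframework.security.web.csrf.CsrfToken;
import org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository;

public class CsrfLoginCheck {

    static final HttpSessionCsrfTokenRepository REPO = new HttpSessionCsrfTokenRepository();

    // Runs one request through CsrfFilter and reports what the client would see.
    static String submit(MockHttpServletRequest request) throws Exception {
        MockHttpServletResponse response = new MockHttpServletResponse();
        MockFilterChain chain = new MockFilterChain();
        new CsrfFilter(REPO).doFilter(request, response, chain);
        // The chain only receives the request when the CSRF check passed.
        return chain.getRequest() != null
                ? "passed CSRF check"
                : response.getStatus() + " " + response.getErrorMessage();
    }

    // The login POST from the question, without any CSRF parameter yet.
    static MockHttpServletRequest loginPost() {
        MockHttpServletRequest r = new MockHttpServletRequest("POST", "/j_spring_security_check");
        r.setParameter("j_username", "mouser");
        r.setParameter("j_password", "aaa");
        return r;
    }

    public static void main(String[] args) throws Exception {
        // Case 1: as posted in the question. Only the CSRFGuard-style parameter is
        // sent, and the session holds no Spring CSRF token.
        MockHttpServletRequest asPosted = loginPost();
        asPosted.setParameter("OWASP_CSRFTOKEN", "ZLCK-J3VV-OJTK-8GZW-H68V-C8N6-CE6G-U6AQ");
        System.out.println("as posted:  " + submit(asPosted));

        // Case 2: a token is stored in the session (what rendering the login page does)
        // and echoed back under the name the hidden input's ${_csrf.parameterName} yields.
        MockHttpServletRequest withToken = loginPost();
        CsrfToken token = REPO.generateToken(withToken);
        REPO.saveToken(token, withToken, new MockHttpServletResponse());
        withToken.setParameter(token.getParameterName(), token.getToken());
        System.out.println("with _csrf: " + submit(withToken));
    }
}
```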