CSRF current that is empty in login form using Spring MVC and Spring Security

Question

CSRF current that is empty in login form using Spring MVC and Spring Security

$ {_ csrf.parameterName} and $ {_ csrf.token}, which are empty in the login form. I use Spring 4.1.3 and Spring Security 3.2.5
All configurations are done correctly, but still I get

<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>

and

<input type="hidden" name="" value=""/>

+4

java spring spring-mvc spring-security

Giridhar Dec 30 '15 at 17:34

source share

1 answer

Giridhar · Answer 1 · 2014-12-30T17:38:16+0000

I found the answer, I put the security filter tags in web.xml on top of any other filters and worked.

CSRF current that is empty in login form using Spring MVC and Spring Security

More articles: