Expected CSRF token not found. Has your session expired?




Asked on March 12, 2016
Hi, I am creating an application with Spring Security and JSF 2. I am getting an exception. How do I resolve it, and why is this error being thrown?

HTTP Status 403 - Expected CSRF token not found. Has your session expired?

type: Status report

message: Expected CSRF token not found. Has your session expired?

description: Access to the specified resource has been forbidden.



Replied on March 12, 2016
You need to configure CSRF protection in your view pages.

From Spring 4 onwards, XML configuration is CSRF enabled by default, and JavaConfig is already CSRF enabled. So our UI pages should include

<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>

Another approach to fix this error is to disable CSRF protection.

In XML

<http>
    <!-- ... -->
    <csrf disabled="true"/>
</http>

In JavaConfig

@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .csrf().disable();
}

Find the reference URL
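
Added example, not part of the original answer and not Spring Security's own code: a simplified Java model of the token check behind the 403 above, showing a POST without the hidden _csrf field, one with it, and one that arrives when no token is stored in the session. The class name, the session key, the eager token creation and the wording of the mismatch message are assumptions; the parameter name _csrf and header X-CSRF-TOKEN are Spring Security's defaults.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.*;
// Simplified model of a synchronizer-token check; not Spring Security's source.
public class CsrfCheckDemo {
    static final String PARAM = "_csrf", HEADER = "X-CSRF-TOKEN";
    static final String SESSION_KEY = "csrfToken"; // hypothetical session attribute name
    static final Set<String> SAFE_METHODS = Set.of("GET", "HEAD", "TRACE", "OPTIONS");

    // Returns the status line the check would produce for one request.
    static String check(String method, Map<String, String> session,
                        Map<String, String> headers, Map<String, String> params) {
        String expected = session.get(SESSION_KEY);
        boolean missingToken = (expected == null);
        if (missingToken) { // new or expired session: issue a token (assumed eager)
            expected = UUID.randomUUID().toString();
            session.put(SESSION_KEY, expected);
        }
        if (SAFE_METHODS.contains(method)) {
            return "200 OK";
        }
        String actual = headers.get(HEADER); // header first, then form parameter
        if (actual == null) {
            actual = params.get(PARAM);
        }
        if (actual != null && sameToken(expected, actual)) {
            return "200 OK";
        }
        return missingToken
            ? "403 Expected CSRF token not found. Has your session expired?"
            : "403 Invalid CSRF token"; // constructed wording for the mismatch case
    }

    // Constant-time comparison so timing does not leak how much of a guess matched.
    static boolean sameToken(String a, String b) {
        return MessageDigest.isEqual(a.getBytes(StandardCharsets.UTF_8),
                                     b.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        Map<String, String> session = new HashMap<>(), none = Map.of();
        System.out.println(check("GET", session, none, none));   // form rendered, token issued
        String token = session.get(SESSION_KEY);                 // value for the hidden input
        System.out.println(check("POST", session, none, none));  // hidden input absent
        System.out.println(check("POST", session, none, Map.of(PARAM, token))); // input present
        // Constructed expired-session case: empty session, stale token submitted.
        System.out.println(check("POST", new HashMap<>(), none, Map.of(PARAM, token)));
    }
}
```

Requires Java 9 or later for Set.of and Map.of.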




