Home  >  Forum  >  Spring
Post New Query

HTTP Status 403 - Expected CSRF token not found. Has your session expired?


joined on
March 27,2014
Asked on March 12,2016
Hi, I am creating an application with Spring security and JSF 2. I am getting an exception. How to resolve it and why this error is being thrown?

HTTP Status 403 - Expected CSRF token not found. Has your session expired?

type: Status report

message: Expected CSRF token not found. Has your session expired?

description: Access to the specified resource has been forbidden.
joined on
October 10,2013
Replied on March 12,2016

You need to configure CSRF protection in your view pages.

Spring 4 on wards, XML configuration is by default CSRF enabled. And JavaConfig is already CSRF enabled. So our UI pages should include 

<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>

Another approach to fix this error is disable CSRF protection.

In XML

<http>
<!-- ... -->
<csrf disabled="true"/>
</http>

In JavaConfig

@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable();
}

Find the reference URL



Write Answer









Copyright ©2017 concretepage.com, all rights reserved |Privacy Policy | Contact Us