I have a login form and want to protect it from csrf attacks.
My spring -security.xml
<sec:http auto-config="true" use-expressions="true"> ... <sec:csrf /> </sec:http>
My jsp file (use tiles):
<form class="navbar-form navbar-right form-inline" method="POST" role="form" action="j_spring_security_check"> <div class="form-group"> <input class="form-control" type="email" name="j_username"> </div> <div class="form-group"> <input class="form-control" type="password" name="j_password"> </div> <button class="btn btn-default" type="submit">Login</button> <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"> </form>
I can resolve, but csrf is empty:
<input type="hidden" value="" name="">
Can anybody help me?
spring-security jsp csrf
Mufanu
source share