CSRF token was not automatically added as hidden parameter

Question

Trying a sample application integrating HDIV with Spring Security CSRF and facing a problem - CSRF token is not automatically added as hidden parameter to the generated form.

The configuration in Spring security-config.xml

<security:http auto-config="true">
    ...
    <security:csrf/>
</security:http>

But when we explicitly add the following line to the form, CSRF validation works.

<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>

The version details:

HDIV : 2.1.9
Spring : 3.2.13 (Also tried with 4.0.5.RELEASE)
Spring Security: 3.2.6.RELEASE (Also tried with 3.2.4.RELEASE)

Appreciate any clues/inputs..

score 0 · Answer 1 · answered Apr 02 '15 at 10:19

0

My bad, was using html form instead of Spring form. Once changed to Spring <form:form, it's working fine.

answered Apr 02 '15 at 10:19

Naveen

41
1
3

CSRF token was not automatically added as hidden parameter

1 Answers1