Could not verify the provided CSRF token because your session was not found in spring security -
i using spring security along java config
@override protected void configure(httpsecurity http) throws exception { http .authorizerequests() .antmatchers("/api/*").hasrole("admin") .and() .addfilterafter(new csrftokenresponseheaderbindingfilter(), csrffilter.class) .exceptionhandling() .authenticationentrypoint(restauthenticationentrypoint) .and() .formlogin() .successhandler(authenticationsuccesshandler) .failurehandler(new simpleurlauthenticationfailurehandler());
i using postman testing rest services. 'csrf token' , able login using x-csrf-token
in request header. after login when hit post request(i including same token in request header used login post request) following error message:
http status 403 - not verify provided csrf token because session not found.
can 1 guide me doing wrong.
according spring.io:
when should use csrf protection? our recommendation use csrf protection request processed browser normal users. if creating service used non-browser clients, want disable csrf protection.
so disable it:
@configuration public class restsecurityconfig extends websecurityconfigureradapter { @override protected void configure(httpsecurity http) throws exception { http.csrf().disable(); } }
Comments
Post a Comment