I am using CSRF with spring.
When I enabled this, cant submit any form (makes sence since I need the token for every post).
The problem is this:
After I submit a form with a valid token (in my case , the login). all other submit forms keep working... as far as I understand, should not work.
Any idea why is this?
I am using spring 3.2 and security 3.2.5
Thanks
Assuming that you are using JSP and are using the Spring form tags it works as designed.
The token is automatically added to the form through the use of a
RequestDataValueProcessor
. When using the Spring Security namespace or annotation based configuration support theCsrfRequestDataValueProcessor
is automatically configured and added to the configuration.This is also mentioned in the Spring Security reference guide.