.net

.net

博客园 首页 新随笔 联系 订阅 管理

升级到spring security 4.2后,登录不了,出现下面的错误

WARN DefaultHandlerExceptionResolver:361 - Failed to bind request element: org.springframework.web.method.annotation.MethodArgumentTypeMismatchException: Failed to convert value of type 'java.lang.String' to required type 'int'; nested exception is java.lang.NumberFormatException: For input string: "CouldnotverifytheprovidedCSRFtokenbecauseyoursessionwasnotfound."

 

修改spring security配置文件后,解决,如下:

<http use-expressions="true" auto-config="true">
<form-login login-page="/login.do" always-use-default-target="false" />
<logout invalidate-session="true" logout-url="/logout.do" logout-success-url="/login.do"/>
<!-- 免登录验证,当session还在,防问是会自己登录 -->
<remember-me/>
<custom-filter before="FILTER_SECURITY_INTERCEPTOR" ref="myFilter"/>
<access-denied-handler ref="accessDeniedHandler"/>
<!-- 4.0以后默认打开csrf,不允许post,设置为不打开 -->
<csrf disabled="true"/>
<!-- 4.0以后X-Frame-Options的默认大多也是DENY,这种情况下,浏览器拒绝当前页面加载任何Frame页面 -->
<headers>
<frame-options policy="SAMEORIGIN"/>
</headers>
</http>

posted on 2018-01-15 10:44  航宇  阅读(2373)  评论(0编辑  收藏  举报