I am using Spring Security in my web application project. I want to enable csrf protection in my Spring application. My application-context-security.xml is as follows
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.xsd">
<global-method-security secured-annotations="enabled"/>
<http disable-url-rewriting="true" auto-config="false" access-decision-manager-ref="accessDecisionManager" entry-point-ref="authenticationEntryPoint">
<intercept-url pattern="/" access="IS_AUTHENTICATED_ANONYMOUSLY, IS_AUTHENTICATED_FULLY, IS_AUTHENTICATED_REMEMBERED"/>
<intercept-url pattern="/j_spring_security_check" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<intercept-url pattern="/j_spring_security_logout" access="IS_AUTHENTICATED_ANONYMOUSLY, IS_AUTHENTICATED_FULLY, IS_AUTHENTICATED_REMEMBERED"/>
<!-- Enable CSRF protection -->
<csrf />
<access-denied-handler ref="accessDeniedHandler"/>
</http>
<!-- Remaining information -->
</beans:beans>
I am using Spring 3.0.5 jars for my project.
While running though, I get the following error
SEVERE: Exception sending context initialized event to listener
instance of class org.springframework.web.context.ContextLoaderListener
org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException:
nested exception is org.xml.sax.SAXParseException: cvc-complex-type.2.4.a:
Invalid content was found starting with element 'csrf'.
One of
'{"http://www.springframework.org/schema/security":intercept-url,
"http://www.springframework.org/schema/security":access-denied-handler,
"http://www.springframework.org/schema/security":form-login,
"http://www.springframework.org/schema/security":openid-login,
"http://www.springframework.org/schema/security":x509,
"http://www.springframework.org/schema/security":http-basic,
"http://www.springframework.org/schema/security":logout,
"http://www.springframework.org/schema/security":session-management,
"http://www.springframework.org/schema/security":remember-me,
"http://www.springframework.org/schema/security":anonymous,
"http://www.springframework.org/schema/security":port-mappings,
"http://www.springframework.org/schema/security":custom-filter,
"http://www.springframework.org/schema/security":request-cache}'
is expected.
I tried searching for this error on google. I found a couple of similar places, but they both said the error was due to some change in Spring 3.2+. However, in my case I am using Spring 3.0.5.
Any help would be appreciated.
I think the csrf shortcut of spring security was introduced with the version 3.2.0 (see blogpost)
Maybe you should considerate updating your used spring version
この記事はインターネットから収集されたものであり、転載の際にはソースを示してください。
侵害の場合は、連絡してください[email protected]
コメントを追加