Shulou(Shulou.com)06/03 Report--

This article mainly shows you "how to use CsrfFilter filter in SpringSecurity", the content is easy to understand, clear, hope to help you solve your doubts, the following let the editor lead you to study and learn "how to use CsrfFilter filter in SpringSecurity" this article.

The default login page provided by the spring security framework has a hidden field with the value of the name attribute _ csrf:

This is generated by the framework before the user visits the login page, saved in memory, and will be submitted with the user when the form is submitted: _ csrf_formdata

Then it goes through the CsrfFilter filter in the configuration file spring-security.xml in the spring security framework resources directory:

Check that the value of the _ csrf hidden field submitted by the form is consistent with that saved in memory, and if the consistent framework assumes that the login page is secure, if not, a 403forbidden error will be reported. However, when using a custom login page, you need to turn off the CsrfFilter filter, because the custom page does not have such a hidden field.

The above is all the content of the article "how to use CsrfFilter filter in SpringSecurity". Thank you for reading! I believe we all have a certain understanding, hope to share the content to help you, if you want to learn more knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.