工作中遇到的问题,这里记录下,也希望能够帮助同学们少走弯路
为了快速帮助快速解决问题,我决定首先呈现问题的表现,再进行分析
环境:spring 4.2.3
spring security 4.1.3
表现:
2016-10-26 22:44:02 [http-apr-9080-exec-10] DEBUG org.springframework.security.web.csrf.CsrfFilter - Invalid CSRF token found for XXX
2016-10-26 22:44:02 [http-apr-9080-exec-10] DEBUG org.springframework.security.web.header.writers.HstsHeaderWriter - Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@c3339ef
2016-10-26 22:44:02 [http-apr-9080-exec-10] DEBUG org.springframework.security.web.context.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
前台使用AJAX向后台传输数据时候控制台报出上述错误,再未集成Spring Security时不会出现此现象
解决方法:
如果前端使用的JSP
可以在前端页面的<head>标签中增加两个<meta>标签
如下
<html