spring security 4.2后出现CouldnotverifytheprovidedCSRFtokenbecauseyoursessionwasnotfound

升级到spring security 4.2后，登录不了，出现下面的错误

WARN DefaultHandlerExceptionResolver:361 - Failed to bind request element: org.springframework.web.method.annotation.MethodArgumentTypeMismatchException: Failed to convert value of type 'java.lang.String' to required type 'int'; nested exception is java.lang.NumberFormatException: For input string: "CouldnotverifytheprovidedCSRFtokenbecauseyoursessionwasnotfound."

 

修改spring security配置文件后，解决，如下：

<http use-expressions="true" auto-config="true">
<form-login login-page="/login.do" always-use-default-target="false" />
<logout invalidate-session="true" logout-url="/logout.do" logout-success-url="/login.do"/>
<!-- 免登录验证，当session还在，防问是会自己登录 -->
<remember-me/>
<custom-filter before="FILTER_SECURITY_INTERCEPTOR" ref="myFilter"/>
<access-denied-handler ref="accessDeniedHandler"/>
<!-- 4.0以后默认打开csrf,不允许post,设置为不打开 -->
<csrf disabled="true"/>
<!-- 4.0以后X-Frame-Options的默认大多也是DENY，这种情况下，浏览器拒绝当前页面加载任何Frame页面 -->
<headers>
<frame-options policy="SAMEORIGIN"/>
</headers>
</http>