开启csrf防护后放在WEB-INF外的jsp没有办法获取_csrf的Token
使用<sec:csrfInput />和
<input name="${_csrf.getParameterName()}" type="hidden" value="${_csrf.getToken()}" />无效
本人使用jsp + spring mvc + spring security
jsp页面代码如下
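<%@ page contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>
<%--
  Login page. Posts loginAcct and userPswd, plus the CSRF token field, to
  /do/login.html under the application's context path.
--%>
<!DOCTYPE html>
<html lang="zh-CN">
<head>
<meta charset="utf-8">
<title>登入 - layuiAdmin</title>
</head>
<body>
<form action="${pageContext.request.contextPath }/do/login.html" method="post">
<%--
  CSRF token field. The tag emits a hidden input only when Spring Security's
  CsrfFilter has placed a CsrfToken on the current request; otherwise it renders
  nothing. A hand-written hidden input built from ${_csrf.parameterName} and
  ${_csrf.token} reads the same request state, so it is empty in the same
  situation.
  NOTE(review): if this field is missing in the rendered HTML, check whether the
  URL of this JSP is matched by the security filter chain at all. A path that is
  ignored or excluded from the chain never reaches CsrfFilter. Keep CSRF
  protection enabled and route the page through the chain (permit-all for
  anonymous users) rather than disabling the check. Confirm against the security
  configuration, which is not shown here.
--%>
<sec:csrfInput />
Text Field:<br />
<input type="text" name="loginAcct" autocomplete="username" aria-label="用户名" placeholder="用户名">
<%-- type="password" masks the value on screen and lets password managers recognise the field. --%>
<input type="password" name="userPswd" autocomplete="current-password" aria-label="密码" placeholder="密码">
<input type="submit" >
</form>
</body>
</html>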
pom版本依赖在下面
<!-- Version properties referenced by the dependency declarations below. -->
<properties>
<!-- Spring Framework version; used by spring-webmvc. -->
<!-- NOTE(review): the Framework version is pinned separately from Spring Security.
     Confirm that this Framework patch level is one the chosen Spring Security release
     is built and tested against, and that it includes current security fixes. -->
<spring.version>6.0.6</spring.version>
<!-- Jakarta EE Web API (servlet/JSP APIs), declared with provided scope below. -->
<jakarta.jakartaee-web-api.version>9.1.0</jakarta.jakartaee-web-api.version>
<!-- JSTL version; below it is applied to both the JSTL API and the GlassFish JSTL implementation. -->
<jakarta.servlet.jsp.jstl-api.version>3.0.0</jakarta.servlet.jsp.jstl-api.version>
<!-- One version for spring-security-web, spring-security-config and spring-security-taglibs,
     so the three modules stay on the same release. -->
<spring.security.version>6.1.8</spring.security.version>
<!-- Java language level for compilation. -->
<maven.compiler.source>17</maven.compiler.source>
<maven.compiler.target>17</maven.compiler.target>
</properties>
<!-- Dependencies for a JSP + Spring MVC + Spring Security web application. -->
<dependencies>
<!-- Spring MVC. -->
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
<version>${spring.version}</version>
</dependency>
<!-- Jakarta EE Web API; provided scope means the servlet container supplies it at runtime. -->
<dependency>
<groupId>jakarta.platform</groupId>
<artifactId>jakarta.jakartaee-web-api</artifactId>
<version>${jakarta.jakartaee-web-api.version}</version>
<scope>provided</scope>
</dependency>
<!-- JSP pages require JSTL: the API artifact. -->
<dependency>
<groupId>jakarta.servlet.jsp.jstl</groupId>
<artifactId>jakarta.servlet.jsp.jstl-api</artifactId>
<version>${jakarta.servlet.jsp.jstl-api.version}</version>
</dependency>
<!-- JSTL implementation. Its version reuses the JSTL API version property, and the
     transitive API artifact is excluded because the API is declared directly above. -->
<dependency>
<groupId>org.glassfish.web</groupId>
<artifactId>jakarta.servlet.jsp.jstl</artifactId>
<version>${jakarta.servlet.jsp.jstl-api.version}</version>
<exclusions>
<exclusion>
<groupId>jakarta.servlet.jsp.jstl</groupId>
<artifactId>jakarta.servlet.jsp.jstl-api</artifactId>
</exclusion>
</exclusions>
</dependency>
<!-- Spring Security web module: access control for the web application. -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>${spring.security.version}</version>
<!-- <version>6.0.2</version>-->
</dependency>
<!-- Spring Security configuration module. -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>${spring.security.version}</version>
<!-- <version>6.0.2</version>-->
<!-- <version>6.0.8</version>-->
</dependency>
<!-- Spring Security JSP tag library; supplies the sec: tags (for example the csrfInput
     tag used in the login page). Keep it on the same version as the web and config modules. -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
<version>${spring.security.version}</version>
<!-- <version>6.0.2</version>-->
</dependency>
</dependencies>