java - Invoking ${_csrf.parameterName} & ${_csrf.token} in the logout form through url click instead -


hello i'm learning security through spring, read sentence tutorial if csrf enabled, have include _csrf.token in page want login or logout.

here's how invoke them through submit button :

    <c:url var="logoutaction" value="/j_spring_security_logout" />                         <form action="${logoutaction}" method="post">         <input type="submit" value="logout" />         <input type="hidden" name="${_csrf.parametername}" value="${_csrf.token}" />         </form>

my question how if they're got invoked in form of <a href=".."> :

<c:url var="logoutaction" value="/j_spring_security_logout" />     <a href="${logoutaction}"> logout</a>

how invoke csrf protection in above form, hope question thank you.

you configured incorrectly, should first include spring tag library using jsp directive this:

<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>

then within form make sure included:

<sec:csrfinput />

for example:

<form method="post" action="/do/something">         <sec:csrfinput />         name:<br />         <input type="text" name="name" />         ... </form>

do same logout link, use form. here's example project:

<form id="logoutform" method="post" action='<c:url value="/logout"/>'>     <sec:csrfinput/> </form>

Comments

Post a Comment

Popular posts from this blog

routing - AngularJS State management ->load multiple states in one page -

Image
i developing site in angularjs ui-router. have situation on button click need change , load 3 state page , 3 looks image .please me how can load multiple pages. in 1 page you need configure router config this: $stateprovider .state("state1", { url: "/url1", controller: "firstcontroller", views: { view1: { templateurl: "templates/template1.html" }, view2: { templateurl: "templates/template2.html" }, view3: { templateurl: "templates/template3.html" } } }).state("state2", { url: "/url2", controller: "secondcontroller", views: { view1: { templateurl: "templates/template4.html" }, view2: { templateurl: "templates/template5.html" }, view3: { templateurl: "templates/template6.html" } }).state("state3", { ...
Read more

python - GRASS parser() error -

i'm trying use grass on python 2.7, i'm having problems @ setting script on idle, i'm getting error @ parser() function: here script: import os import sys gisbase = os.environ['gisbase'] = 'c:\program files (x86)\grass gis 7.0.1rc1' gisrc = 'c:\grassdata' gisdbase = 'c:\grassdata' location = 'newlocation' mapset = 'tc' ld_library_path = 'c:\program files (x86)\grass gis 7.0.1rc1\lib' path = 'c:\program files (x86)\grass gis 7.0.1rc1\etc';'c:\program files (x86)\grass gis 7.0.1rc1\etc\python';'c:\program files (x86)\grass gis 7.0.1rc1\lib';'c:\program files (x86)\grass gis 7.0.1rc1\bin';'c:\python27';'c:\program files (x86)\grass gis 7.0.1rc1\python27';'c:\program files (x86)\grass gis 7.0.1rc1\msys' pythonlib = 'c:\python27' pythonpath = 'c:\program files (x86)\grass gis 7.0.1rc1\etc\python' sys.path.append(os.path.join(os.environ['...
Read more

json - Gson().fromJson(jsonResult, Myobject.class) return values in 0's -

Image
i have json {"fechaupdateid":1,"fechasegundos":635902782941643690,"fechasegundosbc":635902779020935030} i execute command convert object fechaupdate dto = new gson().fromjson(json, fechaupdate.class); but got result this fechaupdate class public class fechaupdate { public int getfechaupdateid() { return fechaupdateid; } public void setfechaupdateid(int fechaupdateid) { this.fechaupdateid = fechaupdateid; } public long getfechasegundosbc() { return fechasegundosbc; } public void setfechasegundosbc(long fechasegundosbc) { this.fechasegundosbc = fechasegundosbc; } public long getfechasegundos() { return fechasegundos; } public void setfechasegundos(long fechasegundos) { this.fechasegundos = fechasegundos; } private int fechaupdateid ; private long fechasegundos ; private long fechasegundosbc; } solved ...
Read more