Spring CSRF token does not work, when the request to be sent is a multipart request

Question

I use,

• Spring Framework 4.0.0 RELEASE (GA)
• Spring Security 3.2.0 RELEASE (GA)
• Struts 2.3.16

In which, I use an in-built securi

Answer 1

In this case, since it is a multipart request in which the CSRF token is unavailable to Spring security unless MultipartFilter along with MultipartResolver is properly configured so that the multipart request can be processed by Spring.

MulipartResolver in the applicationContext.xml file has to be registered as follows

The attribute value -1 of maxUploadSize puts no limit on the uploaded file size. This value may vary depending upon the requirements. In case of multiple files, the file size is the size of all uploaded files.

---

Also,

/* 

of of MultipartFilter needs to be changed to

/*

This is a bug in the documentation.

This will work just fine, in case, it is Spring MVC alone.

but if it is an integration of Spring and Struts(2), it incurs another problem in the associated Struts action class. The information of the uploaded file will be null in the associated Struts action class(es).

To solve this particular issue, see this answer to customize a multipart request.