Invalid CSRF Token 'null' was found on the request parameter '_csrf' or header 'X-CSRF-TOKEN'

Question

After configuring Spring Security 3.2, _csrf.token is not bound to a request or a session object.

This is the spring security config:

&l         


        

Answer 1

I used to have the same problem.

Your config use security="none" so cannot generate _csrf:

you can set access="IS_AUTHENTICATED_ANONYMOUSLY" for page /login.jsp replace above config：