How to login to a spring security login form using cURL?

Question

I am working on a springMVC project in which the user authentication is based on spring security.

the idea is to have a mobile (android) application to be able to se

Answer 1

Use cURL like this:

 curl -d j_username=admin -d j_password=admin -L http://localhost:8080/app/j_spring_security_check

CSRF

If you get something like Expected CSRF token not found. Has your session expired? that means that CSRF token protection is enabled. To test it with cURL you need a cookie and a CSRF token itself.

The following command will write all cookies to a file named cookie and print out the CSRF token. Spring Security default token parameter name is _csrf, if you've changed it then you need to change grep csrf also.

curl --cookie-jar cookie -L http://localhost:8080/app/j_spring_security_check  | grep csrf

Then you can execute next command which will pass all cookies from file. Don't forget to replace |your_token_value| with an actual value which is printed out by the previous command (and _csrf parameter name if you've changed it).

curl --cookie cookie -d "j_username=admin&j_password=admin&_csrf=|your_token_value|" -L http://localhost:8080/app/j_spring_security_check

From Spring Security 3.x to 4.x

Note that in Spring Security 4.x default value for login-processing-url changed from /j_spring_security_check to POST /login, default value for username-parameter changed from j_username to username and default value for password-parameter changed from j_password to password. If an application explicitly provides these attributes, no action is required for the migration.