How to login to a spring security login form using cURL?

Question

I am working on a springMVC project in which the user authentication is based on spring security.

the idea is to have a mobile (android) application to be able to se

Answer 1

If CSRF is enabled, you need to capture the token value from the output of every request, in order to use it in the next one.

BASEURL="http://localhost:8080/hac"
csrf=$(curl --silent --cookie-jar cookies.txt -L "$BASEURL/login.jsp" | egrep -o -m1 "[a-z0-9]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12}")
csrf=$(curl --silent --cookie cookies.txt --cookie-jar cookies.txt -L "$BASEURL/j_spring_security_check" --data "j_username=$USERNAME&j_password=$PASSWORD&_csrf=$csrf" | egrep -o -m1 "[a-z0-9]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12}" ) 

You can chain more commands in this manner, updating the value of $csrf every time.

This worked on Spring security 3.